The system must secure virtual machines as it would secure physical machines.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| ESXI5-VM-000048 | ESXI5-VM-000048 | ESXI5-VM-000048_rule | High |
| Description |
|---|
| A key to understanding the security requirements of a virtualized environment is the recognition that a virtual machine is, in most respects, the equivalent of a physical server. Therefore, it is critical to employ the same security measures in virtual machines that would be done for physical servers. The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-ESXI5-VM-000048_chk ) |
|---|
| Ask the SA if all active and dormant virtual machines are kept patched and up to date. Additionally, ask the SA if antivirus, antispyware, and intrusion detection software is installed, enabled and kept up to date. If all virtual machines are not patched and up to date, this is a finding. If all virtual machines do not have antivirus, antispyware, and intrusion detection software installed, this is a finding. |
| Fix Text (F-ESXI5-VM-000048_fix) |
|---|
| Patch and update all active and dormant virtual machines. Install, enable, and keep all antivirus, antispyware, and intrusion detection software up to date. |