UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must secure virtual machines as it would secure physical machines.


Overview

Finding ID Version Rule ID IA Controls Severity
ESXI5-VM-000048 ESXI5-VM-000048 ESXI5-VM-000048_rule High
Description
A key to understanding the security requirements of a virtualized environment is the recognition that a virtual machine is, in most respects, the equivalent of a physical server. Therefore, it is critical to employ the same security measures in virtual machines that would be done for physical servers. The guest operating system that runs in the virtual machine is subject to the same security risks as a physical system.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-ESXI5-VM-000048_chk )


Ask the SA if all active and dormant virtual machines are kept patched and up to date. Additionally, ask the SA if antivirus, antispyware, and intrusion detection software is installed, enabled and kept up to date.

If all virtual machines are not patched and up to date, this is a finding.

If all virtual machines do not have antivirus, antispyware, and intrusion detection software installed, this is a finding.
Fix Text (F-ESXI5-VM-000048_fix)


Patch and update all active and dormant virtual machines. Install, enable, and keep all antivirus, antispyware, and intrusion detection software up to date.