The SSH daemon must use a FIPS 140-2 validated cryptographic module (operating in FIPS mode).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
GEN005490-ESXI5-PF	GEN005490-ESXI5-PF	GEN005490-ESXI5-PF_rule		Medium

Description
Cryptographic modules used by the system must be validated by the NIST CVMP as compliant with FIPS 140-Cryptography performed by modules not validated is viewed by NIST as providing no protection for the data. Permanent finding - Note that although VMware includes SSH as a method to remotely access the ESXi Shell, this version does not provide all the flexibilities of a "full" installation, i.e., "limited" configuration file(s). By default, SSH is disabled on the ESXi-v5 host.

Description

Cryptographic modules used by the system must be validated by the NIST CVMP as compliant with FIPS 140-Cryptography performed by modules not validated is viewed by NIST as providing no protection for the data. Permanent finding - Note that although VMware includes SSH as a method to remotely access the ESXi Shell, this version does not provide all the flexibilities of a "full" installation, i.e., "limited" configuration file(s). By default, SSH is disabled on the ESXi-v5 host.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-GEN005490-ESXI5-PF_chk )
ESXi does not support this requirement. This is a permanent finding.

Fix Text (F-GEN005490-ESXI5-PF_fix)
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented but this finding cannot be considered fixed.