UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use and update a DoD-approved virus scan program.


Overview

Finding ID Version Rule ID IA Controls Severity
GEN006640-ESXI5-PNF GEN006640-ESXI5-PNF GEN006640-ESXI5-PNF_rule Medium
Description
Virus scanning software can be used to protect a system from penetration by computer viruses and to limit their spread through intermediate systems. Virus scanning software is available to DoD on the JTF-GNO web site. Not applicable - ESXi is neither a GP environment, nor does it utilize a COS. ESXi provides for console functionality (for initial configuration, troubleshooting, and Technical Support) via the Direct Connect User Interface (DCUI) and Tech Support Mode. These strongly controlled interfaces provide GP-like console functionality augmented for security and trust. All binaries executed in ESXi are signed, keyed, or validated by strong controls. There is no facility to interpret code at runtime and the compiled modules are subject to both the controls for execution and a default-deny policy (for unsigned code), integral to the kernel. Based on Regulatory Compliance, VMware believes that the customers should categorize ESX/ESXi hypervisors as they would for other network based appliances and treat them accordingly. Following the Best Practices outlined in the vSphere hardening guides reasonably ensures the security and integrity of the ESXi host's management interfaces.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-GEN006640-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.
Fix Text (F-GEN006640-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.