
The system boot loader must require authentication.


Overview

Finding ID: GEN008700-ESXI5-PNF
Version: GEN008700-ESXI5-PNF
Rule ID: GEN008700-ESXI5-PNF_rule
IA Controls: (none listed)
Severity: High
Description
If the system's boot loader does not require authentication, users with console access to the system may be able to alter the system boot configuration or boot the system into single-user or maintenance mode, which could result in Denial-of-Service or unauthorized privileged access to the system.

Applicable, but permanent not-a-finding: The bootstrap process begins with the CPU executing software contained in ROM/BIOS at a predefined address. This software contains rudimentary functionality to search for devices eligible to participate in booting, and load a small program from a special section (most commonly the boot sector) of the configured boot device. See also GEN008620-ESXI5-000054.

STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-GEN008700-ESXI5-PNF_chk)
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-GEN008700-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.