Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
GEN008700-ESXI5-PNF | GEN008700-ESXI5-PNF | GEN008700-ESXI5-PNF_rule | | High |
Description |
---|
If the system's boot loader does not require authentication, users with console access to the system may be able to alter the system boot configuration or boot the system into single-user or maintenance mode, which could result in denial of service or unauthorized privileged access to the system. Applicable, but permanent not-a-finding: the bootstrap process begins with the CPU executing software contained in ROM/BIOS at a predefined address. This software contains rudimentary functionality to search for devices eligible to participate in booting, and to load a small program from a special section (most commonly the boot sector) of the configured boot device. See also GEN008620-ESXI5-000054. |
STIG | Date |
---|---|
VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Check Text (C-GEN008700-ESXI5-PNF_chk) |
---|
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not-a-finding. |
Fix Text (F-GEN008700-ESXI5-PNF_fix) |
---|
This requirement is a permanent not-a-finding. No fix is required. |