Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system package management tool must not automatically obtain updates.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| GEN008820-ESXI5-PNF | GEN008820-ESXI5-PNF | GEN008820-ESXI5-PNF_rule | Low |
| Description |
|---|
| System package management tools can obtain a list of updates and patches from a package repository and make this information available to the SA for review and action. Using a package repository outside of the organization's control, presents a risk that malicious packages could be introduced. Applicable, but permanent not-a-finding - vUM (VMware Update Manager) is installed on a system separate from the ESXi 5 server (the vUM application may or may not be installed on the same physical machine as the vCenter Server application). The Update Manager Download Service (server) can be a physical or virtual machine and must have a valid Internet connection. however, VMware's Update Manager cannot be installed on the same server. The Update Manager Download Service must be on a separate platform as it contains its own database. Refer to VCENTER-000034. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-GEN008820-ESXI5-PNF_chk ) |
|---|
| ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding. |
| Fix Text (F-GEN008820-ESXI5-PNF_fix) |
|---|
| This requirement is permanent not a finding. No fix is required. |