UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The operating system must prevent access to organization-defined security-relevant information except during secure, non-operable system states.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-000008-ESXI5-PNF SRG-OS-000008-ESXI5-PNF SRG-OS-000008-ESXI5-PNF_rule Medium
Description
Security-relevant information is any information within the information system potentially impacting the operation of security functions in a manner that could result in failure to enforce the system security policy or maintain isolation of code and data. Organizations may define specific security relevant information requiring protection. Filtering rules for routers and firewalls, cryptographic key management information, key configuration parameters for security services, and access control lists are examples of security-relevant information. Secure, non-operable system states are states in which the information system is not performing mission/business-related processing (e.g., the system is off-line for maintenance, troubleshooting, boot-up, shutdown). Access to these types of data is to be prevented unless the system is in a maintenance mode or has otherwise been brought off-line. The goal is to minimize the potential that a security configuration or data may be dynamically and perhaps surreptitiously overwritten or changed (without going through a formal system change process documenting the changes). Permanent not a finding - A requirement already exists for the system to operate in Full Lockdown Mode, i.e., access is strictly controlled via the vSphere Client/vCenter system via the VPXuser proxy account only.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-000008-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.
Fix Text (F-SRG-OS-000008-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.