The operating system must retain the notification message or banner on the screen until users take explicit actions to logon for further access.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-OS-000024-ESXI5-PNF	SRG-OS-000024-ESXI5-PNF	SRG-OS-000024-ESXI5-PNF_rule		Medium

Description
To establish acceptance of system usage policy, a click-through banner at operating system logon is required. The banner must prevent further activity on the application unless and until the user executes a positive action to manifest agreement by clicking the indicated acceptance. Permanent not a finding - During normal operation, Lockdown mode (required) limits access via the vpxuser proxy (password is 32 chars, not configurable, and changed every 30 days "or" sooner when/if a new host is configured/controlled by the vCenter Server). Maintenance mode (ESXi Shell uses /etc/issue and/or /etc/banner for login. Excepting root, there are no users on the hypervisor.

Description

To establish acceptance of system usage policy, a click-through banner at operating system logon is required. The banner must prevent further activity on the application unless and until the user executes a positive action to manifest agreement by clicking the indicated acceptance. Permanent not a finding - During normal operation, Lockdown mode (required) limits access via the vpxuser proxy (password is 32 chars, not configurable, and changed every 30 days "or" sooner when/if a new host is configured/controlled by the vCenter Server). Maintenance mode (ESXi Shell uses /etc/issue and/or /etc/banner for login. Excepting root, there are no users on the hypervisor.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-SRG-OS-000024-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-SRG-OS-000024-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.