The operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-OS-000035-ESXI5-PNF	SRG-OS-000035-ESXI5-PNF	SRG-OS-000035-ESXI5-PNF_rule		Medium

Description
Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, audio recording devices). Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities that arise when mobile devices such as USB memory sticks or other mobile storage devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance. Applicable, but permanent not-a-finding - No Auto-run/play. Devices are addressed in the VMware HG, ESXI5-VM-000034/5/6/7/8.

Description

Mobile devices include portable storage media (e.g., USB memory sticks, external hard disk drives) and portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, audio recording devices). Auto execution vulnerabilities can result in malicious programs being automatically executed. Examples of information system functionality providing the capability for automatic execution of code are Auto Run and Auto Play. Auto Run and Auto Play are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted. This requirement is designed to address vulnerabilities that arise when mobile devices such as USB memory sticks or other mobile storage devices are automatically mounted and applications are automatically invoked without user knowledge or acceptance. Applicable, but permanent not-a-finding - No Auto-run/play. Devices are addressed in the VMware HG, ESXI5-VM-000034/5/6/7/8.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-SRG-OS-000035-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-SRG-OS-000035-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.