UCF STIG Viewer Logo

The operating system, when transferring information between different security domains, must decompose information into policy-relevant subcomponents for submission to policy enforcement mechanisms.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-000082-ESXI5-PF SRG-OS-000082-ESXI5-PF SRG-OS-000082-ESXI5-PF_rule Medium
Description
Information flow control regulates where information is allowed to travel within an information system and between information systems (as opposed to who is allowed to access the information) and without explicit regard to subsequent accesses to that information. Policy enforcement mechanisms include the filtering and/or sanitization rules that are applied to information prior to transfer to a different security domain. Parsing transfer files facilitates policy decisions on source, destination, certificates, classification, subject, attachments, and other information security-related component differentiators. Policy rules for cross domain transfers include, limitations on embedding components/information types within other components/information types, prohibiting more than two-levels of embedding, and prohibiting the transfer of archived information types. Applicable, but permanent finding - The hypervisor does not support this functionality.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-000082-ESXI5-PF_chk )
ESXi does not support this requirement. This is a permanent finding.
Fix Text (F-SRG-OS-000082-ESXI5-PF_fix)
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented but this finding cannot be considered fixed.