The operating system must enforce a two-person rule for changes to organization-defined information system components and system-level information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-OS-000091-ESXI5-PF | SRG-OS-000091-ESXI5-PF | SRG-OS-000091-ESXI5-PF_rule | Medium |
| Description |
|---|
| Regarding access restrictions for changes made to organization-defined information system components and system level information. Any changes to the hardware, software, and/or firmware components of the operating system can potentially have significant effects on the overall security of the system. Accordingly, only qualified and authorized individuals are allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications. A two person rule requires two separate individuals acknowledge and approve those changes. Two person rule for changes to critical operating system components helps to reduce risks pertaining to availability and integrity. Permanent finding - ESXi v5 does not support this requirement. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-SRG-OS-000091-ESXI5-PF_chk ) |
|---|
| ESXi does not support this requirement. This is a permanent finding. |
| Fix Text (F-SRG-OS-000091-ESXI5-PF_fix) |
|---|
| This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented but this finding cannot be considered fixed. |