
The operating system must check incoming communications to ensure the communications are coming from an authorized source and routed to an authorized destination.


Overview

Finding ID: SRG-OS-000151-ESXI5-PNF
Version: SRG-OS-000151-ESXI5-PNF
Rule ID: SRG-OS-000151-ESXI5-PNF_rule
IA Controls: (none)
Severity: Medium
Description
In the case of the operating system, the boundary may be the workstation on the public internet. In order to thwart an attack, the operating system must be able to ensure communications are coming from an authorized source and routed to an authorized destination. This requirement is applicable, but is a permanent not-a-finding: host isolation on a separate, non-routed management network is required. ESXi is not a router; however, a requirement already exists for a gateway setting. Management network/traffic isolation and firewall requirements also already exist.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-SRG-OS-000151-ESXI5-PNF_chk)
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not-a-finding.
Fix Text (F-SRG-OS-000151-ESXI5-PNF_fix)
This requirement is a permanent not-a-finding. No fix is required.