The operating system must employ organization-defined information system components with no writeable storage that are persistent across component restart or power on/off.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-OS-000189-ESXI5-PNF	SRG-OS-000189-ESXI5-PNF	SRG-OS-000189-ESXI5-PNF_rule		Medium

Description
Organizations may require operating systems to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of the program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Applicable, but permanent not-a-finding - This is true of ESXi "embedded" vs ESXi "installable" which is what's covered by this document. Read-only media is generally for "appliance-only" installations and/or auto-deployed installations (not addressed in this document.

Description

Organizations may require operating systems to be non-modifiable or to be stored and executed on non-writeable storage. Use of non-modifiable storage ensures the integrity of the program from the point of creation of the read-only image and eliminates the possibility of malicious code insertion. Applicable, but permanent not-a-finding - This is true of ESXi "embedded" vs ESXi "installable" which is what's covered by this document. Read-only media is generally for "appliance-only" installations and/or auto-deployed installations (not addressed in this document.

STIG	Date
VMware ESXi v5 Security Technical Implementation Guide	2013-01-15

Details

Check Text ( C-SRG-OS-000189-ESXI5-PNF_chk )
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-SRG-OS-000189-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.