UCF STIG Viewer Logo

The operating system must validate the binding of the information producer's identity to the information.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-000209-ESXI5-PF SRG-OS-000209-ESXI5-PF SRG-OS-000209-ESXI5-PF_rule Medium
Description
Predictable failure prevention requires organizational planning to address system failure issues. If a subsystem of the operating system, hardware, or the operating system itself, is key to maintaining systems and security fails to function, the system could continue operating in an insecure state. The organization must be prepared for and the operating system must support capability that alarms for such conditions and/or automatically shuts down the operating system or the subsystem of the operating system. Applicable, but permanent finding - The hypervisor does not support this functionality. Auditing cannot be configured/implemented like a typical UNIX system. Auditing is turned on by default, as is logging. Syslog is the best way to ensure all access is logged. Access is limited to privileged roles only. In lockdown mode (required), only the vpxuser proxy has access.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-000209-ESXI5-PF_chk )
ESXi does not support this requirement. This is a permanent finding.
Fix Text (F-SRG-OS-000209-ESXI5-PF_fix)
This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented but this finding cannot be considered fixed.