
The operating system must use cryptography to protect the integrity of remote access sessions.


Overview

Finding ID: SRG-OS-000250-ESXI5-PNF
Version: SRG-OS-000250-ESXI5-PNF
Rule ID: SRG-OS-000250-ESXI5-PNF_rule
IA Controls:
Severity: Medium
Description
Remote access is any access to an organizational operating system by a user (or an information system) communicating through an external, non-organization-controlled network. If cryptography is not used to protect these sessions, the session data traversing the remote connection could be intercepted and potentially modified. Cryptography provides a means to secure the remote connection and prevent unauthorized access to the data traversing it, thereby providing a degree of integrity. The encryption strength of the mechanism is selected based on the security categorization of the information traversing the remote connection.

Permanent not a finding - SSH is disabled by default (a requirement of Lockdown Mode), but it does use cryptography to protect the integrity of remote access sessions. All versions of VMware products, including all releases of vCenter Server, use X.509 certificates to encrypt session information sent over SSL (Secure Sockets Layer protocol) connections between server and client components such as ESXi-v5.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-SRG-OS-000250-ESXI5-PNF_chk)
ESXi supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.
Fix Text (F-SRG-OS-000250-ESXI5-PNF_fix)
This requirement is permanent not a finding. No fix is required.