UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must ensure the vpxuser auto-password change meets policy.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-OS-99999-ESXI5-000145 SRG-OS-99999-ESXI5-000145 SRG-OS-99999-ESXI5-000145_rule Medium
Description
By default, the vpxuser password will be automatically changed by vCenter every 30 days. Ensure this setting meets your policies; if not, configure to meet password aging policies. NOTE: It is very important the password aging policy not be shorter than the default interval that is set to automatically change the vpxuser password, to preclude the possibility that vCenter might get locked out of an ESXi host.
STIG Date
VMware ESXi v5 Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-SRG-OS-99999-ESXI5-000145_chk )
From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Verify that the "VirtualCenter.VimPasswordExpirationInDays" keyword is set to 60 or less. The default keyword value is 30 days and it is strongly recommended that this value not be changed from "30".

If the "VirtualCenter.VimPasswordExpirationInDays" keyword setting is greater than 60, this is a finding.
Fix Text (F-SRG-OS-99999-ESXI5-000145_fix)
From the vSphere client select "Administration >> vCenter Server Settings >> Advanced Settings". Set the "VirtualCenter.VimPasswordExpirationInDays" to 60 or less. Note that it is strongly recommended that this value not be changed from "30".