UCF STIG Viewer Logo

VMware NSX-T Manager NDM Security Technical Implementation Guide


Overview

Date Finding Count (23)
2022-09-01 CAT I (High): 5 CAT II (Med): 17 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Classified)

Finding ID Severity Title
V-251794 High The NSX-T Manager must be running a release that is currently supported by the vendor.
V-251793 High The NSX-T Manager must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO).
V-251778 High NSX-T Manager must restrict the use of configuration, administration, and the execution of privileged commands to authorized personnel based on organization-defined roles.
V-251789 High The NSX-T Manager must integrate with either VMware Identity Manager (vIDM) or VMware Workspace ONE Access.
V-251781 High The NSX-T Manager must terminate the device management session at the end of the session or after 10 minutes of inactivity.
V-251800 Medium The NSX-T Manager must enable the global FIPS compliance mode for load balancers.
V-251799 Medium The NSX-T Manager must disable SNMP v2.
V-251798 Medium The NSX-T Manager must disable TLS 1.1 and enable TLS 1.2.
V-251797 Medium The NSX-T Manager must disable unused local accounts.
V-251795 Medium The NSX-T Manager must not provide environment information to third parties.
V-251792 Medium The NSX-T Manager must obtain its public key certificates from an approved DoD certificate authority.
V-251791 Medium The NSX-T Manager must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.
V-251790 Medium The NSX-T Manager must be configured to conduct backups on an organizationally defined schedule.
V-251779 Medium The NSX-T Manager must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.
V-251788 Medium The NSX-T Manager must generate log records for the info level to capture the DoD-required auditable events.
V-251784 Medium The NSX-T Manager must prohibit the use of cached authenticators after an organization-defined time period.
V-251785 Medium The NSX-T Manager must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.
V-251786 Medium The NSX-T Manager must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.
V-251787 Medium The NSX-T Manager must be configured to send logs to a central log server.
V-251780 Medium The NSX-T Manager must enforce a minimum 15-character password length.
V-251782 Medium The NSX-T Manager must be configured to synchronize internal information system clocks using redundant authoritative time sources.
V-251783 Medium The NSX-T Manager must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).
V-251796 Low The NSX-T Manager must disable SSH.