UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware NSX Manager Security Technical Implementation Guide


Overview

Date Finding Count (30)
2016-06-27 CAT I (High): 3 CAT II (Med): 22 CAT III (Low): 5
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-69161 High The NSX vCenter must be configured to use an authentication server to provide automated support for account management functions to centrally control the authentication process for the purpose of granting administrative access.
V-69163 High The NSX vCenter must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.
V-69167 High The NSX Manager must not have any default manufacturer passwords when deployed.
V-69171 Medium The NSX vCenter must protect audit information from any type of unauthorized read access.
V-69219 Medium The NSX vCenter must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-69177 Medium The NSX vCenter must prohibit password reuse for a minimum of five generations.
V-69175 Medium The NSX vCenter must enforce a minimum 15-character password length.
V-69179 Medium If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one upper-case character be used.
V-69211 Medium The NSX Manager must enforce access restrictions associated with changes to the system components.
V-69217 Medium The NSX Manager must employ automated mechanisms to assist in the tracking of security incidents.
V-69191 Medium The NSX vCenter must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
V-69193 Medium The NSX vCenter must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
V-69195 Medium If the NSX vCenter uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.
V-69197 Medium The NSX vCenter must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
V-69199 Medium The NSX vCenter must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.
V-69221 Medium The NSX vCenter must accept multifactor credentials.
V-69209 Medium The NSX Manager must off-load audit records onto a different system or media than the system being audited.
V-69165 Medium The NSX vCenter must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
V-69207 Medium The NSX Manager must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-69201 Medium The NSX vCenter must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near-real time.
V-69189 Medium The NSX vCenter must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-69187 Medium The NSX vCenter must enforce a 60-day maximum password lifetime restriction.
V-69185 Medium If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one special character be used.
V-69183 Medium If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one numeric character be used.
V-69181 Medium If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one lower-case character be used.
V-69173 Low The NSX Manager must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
V-69213 Low The NSX Manager must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner.
V-69215 Low The NSX Manager must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.
V-69205 Low The NSX Manager must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
V-69203 Low The NSX Manager must compare internal information system clocks at least every 24 hours with an authoritative time server.