Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39550 | VCENTER-000012 | SV-51408r1_rule | | Medium |
Description |
---|
Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned if needed, to reduce risk of confidentiality, availability or integrity loss. |
STIG | Date |
---|---|
VMware vCenter Server Version 5 Security Technical Implementation Guide | 2013-12-18 |
Check Text ( C-46775r2_chk ) |
---|
Check that roles are created in vCenter with the required granularity of privilege for the organization's administrator types, and that these roles are assigned to the correct, site-specific users: Log into the vCenter Server System using the vSphere Client as a vCenter Server System Administrator. Go to "Home>> Administration>> Roles" and verify that a role exists for each of the administrator privilege sets the organization requires and allows. Right click on each Role name and select "Edit". Verify under "All Privileges>> Virtual Machines" that only site-specific, required checkboxes are selected. If the organization does not require roles for administrator privilege sets, this is a finding. If a role does not exist for each of the organization-required, administrator privilege sets, this is a finding. |
Fix Text (F-44563r2_fix) |
---|
Create roles in vCenter with the required granularity of privilege for the organization's administrator types, and ensure that these roles are assigned to the correct, site-specific users. As a vCenter Server administrator, log into the vCenter Server with the vSphere Client. Go to "Home>> Administration>> Roles" and create a role for each of the administrator privilege sets the organization requires and allows. Right click on each role name and select "Edit". Verify under "All Privileges>> Virtual Machines" that only site-specific, required checkboxes are selected. |
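
The role review in the check text can also be run as a comparison against a written baseline. The PowerShell below is an added example, not part of the STIG: the role names, the baseline contents, the sample data and the function name `Test-RoleBaseline` are constructed for illustration, and it assumes role objects shaped like PowerCLI `Get-VIRole` output (`Name`, `IsSystem`, `PrivilegeList`).

```powershell
# Approved baseline: role name -> VirtualMachine.* privilege IDs the site allows.
# Role names and privilege selections are constructed placeholders.
$Baseline = @{
    'VM-Operator'  = @('VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff')
    'VM-Snapshots' = @('VirtualMachine.State.CreateSnapshot', 'VirtualMachine.State.RemoveSnapshot')
}

function Test-RoleBaseline {
    param(
        [Parameter(Mandatory)] [object[]]  $Roles,    # objects with Name, IsSystem, PrivilegeList
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $role = $Roles | Where-Object { $_.Name -eq $name }
        if (-not $role) {
            # A required privilege set has no matching role: a finding per the check text.
            [pscustomobject]@{ Role = $name; Issue = 'MissingRole'; Privilege = $null }
            continue
        }
        # Only the "All Privileges >> Virtual Machines" tree is in scope here.
        $actual = @($role.PrivilegeList | Where-Object { $_ -like 'VirtualMachine.*' })
        foreach ($p in $actual) {
            if ($Baseline[$name] -notcontains $p) {
                [pscustomobject]@{ Role = $name; Issue = 'ExcessPrivilege'; Privilege = $p }
            }
        }
    }
    # Custom roles outside the baseline are listed for manual review.
    foreach ($role in $Roles) {
        if (-not $role.IsSystem -and -not $Baseline.ContainsKey($role.Name)) {
            [pscustomobject]@{ Role = $role.Name; Issue = 'NotInBaseline'; Privilege = $null }
        }
    }
}

# Constructed sample standing in for Get-VIRole output.
$SampleRoles = @(
    [pscustomobject]@{ Name = 'VM-Operator'; IsSystem = $false; PrivilegeList = @(
        'System.View', 'VirtualMachine.Interact.PowerOn',
        'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Inventory.Delete') }
    [pscustomobject]@{ Name = 'Temp-Admin'; IsSystem = $false
                       PrivilegeList = @('VirtualMachine.Config.AddNewDisk') }
)

Test-RoleBaseline -Roles $SampleRoles -Baseline $Baseline | Format-Table -AutoSize
# Live use (PowerCLI session already connected with Connect-VIServer):
#   Test-RoleBaseline -Roles (Get-VIRole) -Baseline $Baseline
```

On the sample data this reports the extra `VirtualMachine.Inventory.Delete` privilege on `VM-Operator`, the missing `VM-Snapshots` role, and `Temp-Admin` as a role outside the baseline. Which users hold each role still has to be reviewed separately, for example from `Get-VIPermission` output.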