
VMware vCenter Server Version 5 Security Technical Implementation Guide


Overview

Date: 2014-11-10
Finding Count (23): CAT I (High): 1, CAT II (Med): 16, CAT III (Low): 6
STIG Description
The VMware vCenter Server Version 5 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-39566 High The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators.
V-39562 Medium A least-privileges assignment must be used for the Update Manager database user.
V-39561 Medium A least-privileges assignment must be used for the vCenter Server database user.
V-39545 Medium Privilege re-assignment must be checked after the vCenter Server restarts.
V-39563 Medium The system must set a timeout for all thick-client logins without activity.
V-39544 Medium The VMware Update Manager must not be configured to manage its own VM or the VM of its vCenter Server.
V-39564 Medium vSphere Client plugins must be verified.
V-39569 Medium The Update Manager must not directly connect to public patch repositories on the Internet.
V-39568 Medium The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.
V-39554 Medium Log files must be cleaned up after failed installations of the vCenter Server.
V-39555 Medium Revoked certificates must be removed from the vCenter Server.
V-39556 Medium The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.
V-39557 Medium Access to SSL certificates must be restricted.
V-39550 Medium The vCenter Server administrative users must have the correct roles assigned.
V-39551 Medium Access to SSL certificates must be monitored.
V-39553 Medium Expired certificates must be removed from the vCenter Server.
V-39558 Medium The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine.
V-39560 Low Network access to the vCenter Server system must be restricted.
V-39547 Low The managed object browser must be disabled, at all times, when not required for the purpose of troubleshooting or maintenance of managed objects.
V-39546 Low The Web datastore browser must be disabled, unless required for normal day-to-day operations.
V-39549 Low The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server.
V-39548 Low The vCenter Server must be installed using a service account instead of a built-in Windows account.
V-39559 Low The use of Linux-based clients must be restricted.