Access to SSL certificates must be monitored.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-39551 | VCENTER-000013 | SV-51409r1_rule | Medium |
| Description |
|---|
| The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, the vCenter Server system administrator might need to access it for support purposes. The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password. |
| STIG | Date |
|---|---|
| VMware vCenter Server Version 5 Security Technical Implementation Guide | 2014-11-10 |
Details
| Check Text ( C-46776r1_chk ) |
|---|
| Ask the SA if event log monitoring is used to alert on non-service account access to the certificates directory. If event log monitoring is not used, this is a finding. |
| Fix Text (F-44564r1_fix) |
|---|
| Set up Windows event log monitoring to alert on nonservice account access to the certificates directory. |