tc Server ALL baseline must be documented and maintained.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-240814	VRAU-TC-000550	SV-240814r674186_rule		Medium

Description
Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks. Because tc Server is installed as part of the entire vRA application, and not installed separately, VMware has ensured that all updates, upgrades, and patches have been thoroughly tested before becoming part of the production build process.

Description

Making certain that the web server has not been updated by an unauthorized user is always a concern. Adding patches, functions, and modules that are untested and not part of the baseline opens the possibility for security risks. The web server must offer, and not hinder, a method that allows for the quick and easy reinstallation of a verified and patched baseline to guarantee the production web server is up-to-date and has not been modified to add functionality or expose security risks. Because tc Server is installed as part of the entire vRA application, and not installed separately, VMware has ensured that all updates, upgrades, and patches have been thoroughly tested before becoming part of the production build process.

STIG	Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide	2021-06-23

Details

Check Text ( C-44047r674184_chk )
Interview the ISSO. Review the web server documentation and deployed configuration to determine if the tc Server code baseline is documented and maintained. If the tc Server code baseline is not documented and maintained, this is a finding.

Fix Text (F-44006r674185_fix)
Develop baseline documentation of the tc Server codebase.