The vRealize Operations appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239844	VROM-AP-000655	SV-239844r879887_rule		Medium

Description
Configuring the vRealize Operations appliance to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. The vROps product is continually under refinement, and patches are regularly released to address vulnerabilities. As a result, the vROps STIG is also subject to a release cycle on a quarterly basis. Assessors should ensure that they are reviewing the vRealize Operations appliance with the most current STIG.

Description

Configuring the vRealize Operations appliance to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. The vROps product is continually under refinement, and patches are regularly released to address vulnerabilities. As a result, the vROps STIG is also subject to a release cycle on a quarterly basis. Assessors should ensure that they are reviewing the vRealize Operations appliance with the most current STIG.

STIG	Date
VMware vRealize Operations Manager 6.x Application Security Technical Implementation Guide	2023-09-12

Details

Check Text ( C-43077r664024_chk )
Obtain the current vRealize Operations STIGs from the ISSO. Verify that this Security Technical Implementation Guide (STIG) is the most current STIG available for vRealize Operations. Assess all of the organization's vROps installations to ensure that they are fully compliant with the most current STIG. If the most current version of the vROps STIG was not used, or if the vROps appliance configuration is not compliant with the most current STIG, this is a finding.

Check Text ( C-43077r664024_chk )

Obtain the current vRealize Operations STIGs from the ISSO.

Verify that this Security Technical Implementation Guide (STIG) is the most current STIG available for vRealize Operations.

Assess all of the organization's vROps installations to ensure that they are fully compliant with the most current STIG.

If the most current version of the vROps STIG was not used, or if the vROps appliance configuration is not compliant with the most current STIG, this is a finding.

Fix Text (F-43036r664025_fix)
Obtain the most current vRealize Operations STIG. Ensure that this vROps appliance is configured with all current requirements.