UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-241631 VROM-TC-000320 SV-241631r879584_rule Medium
Description
Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. VMware delivers product updates and patches regularly. It is crucial that system administrators coordinate installation of product updates with the site ISSO to ensure that only valid files are uploaded onto the system.
STIG Date
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide 2023-09-12

Details

Check Text ( C-44907r854899_chk )
Obtain supporting documentation from the ISSO.

Determine whether web server files are being fully reviewed, tested, and signed before being implemented into the production environment.

If the web server files are not being fully reviewed, tested, and signed before being implemented into the production environment, this is a finding.
Fix Text (F-44866r683754_fix)
Configure the web server to verify object integrity before becoming part of the production web server or utilize an external tool designed to meet this requirement.