Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94733 | VCWN-65-000010 | SV-104563r1_rule | Medium |
Description |
---|
Use of the SSO administrator account should be limited as it is a shared account and individual accounts must be used wherever possible. |
STIG | Date |
---|---|
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2019-05-22 |
Check Text ( C-93923r1_chk ) |
---|
Verify the built-in SSO administrator account is only used for emergencies and situations where it is the only option due to permissions. If the built-in SSO administrator account is used for daily operations or there is no policy restricting its use, this is a finding. |
Fix Text (F-100851r1_fix) |
---|
A policy should be developed to limit the use of the built-in SSO administrator account. |