UCF STIG Viewer Logo

VMware vSphere 6.5 Virtual Machine Security Technical Implementation Guide


Overview

Date Finding Count (39)
2021-09-22 CAT I (High): 0 CAT II (Med): 15 CAT III (Low): 24
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-237095 Medium Unauthorized removal, connection and modification of devices must be prevented on the virtual machine.
V-237096 Medium The virtual machine must not be able to obtain host information from the hypervisor.
V-237090 Medium Unauthorized serial devices must be disconnected on the virtual machine.
V-237091 Medium Unauthorized USB devices must be disconnected on the virtual machine.
V-237092 Medium Console connection sharing must be limited on the virtual machine.
V-237093 Medium Console access through the VNC protocol must be disabled on the virtual machine.
V-237072 Medium HGFS file transfers must be disabled on the virtual machine.
V-237070 Medium Virtual disk erasure must be disabled on the virtual machine.
V-237071 Medium Independent, non-persistent disks must be not be used on the virtual machine.
V-237089 Medium Unauthorized parallel devices must be disconnected on the virtual machine.
V-237087 Medium Unauthorized floppy devices must be disconnected on the virtual machine.
V-237069 Medium Virtual disk shrinking must be disabled on the virtual machine.
V-237103 Medium Encryption must be enabled for vMotion on the virtual machine.
V-237100 Medium Use of the virtual machine console must be minimized.
V-237101 Medium The virtual machine guest operating system must be locked when the last console connection is closed.
V-237098 Low Access to virtual machines through the dvfilter network APIs must be controlled.
V-237099 Low System administrators must use templates to deploy virtual machines whenever possible.
V-237094 Low Informational messages from the virtual machine to the VMX file must be limited on the virtual machine.
V-237097 Low Shared salt values must be disabled on the virtual machine.
V-237078 Low The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set on the virtual machine.
V-237079 Low The unexposed feature keyword isolation.tools.unity.disable must be set on the virtual machine.
V-237076 Low The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set on the virtual machine.
V-237077 Low The unexposed feature keyword isolation.ghi.host.shellAction.disable must be set on the virtual machine.
V-237074 Low The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set on the virtual machine.
V-237075 Low The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set on the virtual machine.
V-237073 Low The unexposed feature keyword isolation.tools.ghi.autologon.disable must be set on the virtual machine.
V-237088 Low Unauthorized CD/DVD devices must be disconnected on the virtual machine.
V-237086 Low The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be set on the virtual machine.
V-237085 Low The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be set on the virtual machine.
V-237084 Low The unexposed feature keyword isolation.tools.unity.windowContents.disable must be set on the virtual machine.
V-237083 Low The unexposed feature keyword isolation.tools.unityActive.disable must be set on the virtual machine.
V-237082 Low The unexposed feature keyword isolation.tools.unity.taskbar.disable must be set on the virtual machine.
V-237081 Low The unexposed feature keyword isolation.tools.unity.push.update.disable must be set on the virtual machine.
V-237080 Low The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be set on the virtual machine.
V-237065 Low Copy operations must be disabled on the virtual machine.
V-237067 Low GUI functionality for copy/paste operations must be disabled on the virtual machine.
V-237066 Low Drag and drop operations must be disabled on the virtual machine.
V-237068 Low Paste operations must be disabled on the virtual machine.
V-237102 Low 3D features on the virtual machine must be disabled when not required.