VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide


Overview

Date: 2021-03-18
Finding Count (29): CAT I (High): 3, CAT II (Med): 26, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-239747 High vSphere Client must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
V-239748 High vSphere Client must be configured to enable SSL/TLS.
V-239749 High vSphere Client must be configured to only communicate over TLS 1.2.
V-239767 Medium vSphere Client must have the debug option turned off.
V-239743 Medium vSphere Client must limit the amount of time that each TCP connection is kept alive.
V-239746 Medium vSphere Client must protect cookies from XSS.
V-239744 Medium vSphere Client must limit the number of concurrent connections permitted.
V-239745 Medium vSphere Client must limit the maximum size of a POST request.
V-239764 Medium vSphere Client must not show directory listings.
V-239765 Medium vSphere Client must be configured to show error pages with minimal information.
V-239760 Medium vSphere Client directory tree must have permissions in an "out-of-the-box" state.
V-239761 Medium vSphere Client must limit the number of allowed connections.
V-239762 Medium vSphere Client must set "URIEncoding" to UTF-8.
V-239763 Medium vSphere Client must set the "welcome-file" node to a default web page.
V-239768 Medium Rsyslog must be configured to monitor and ship vSphere Client log files.
V-239769 Medium vSphere Client must be configured with the appropriate ports.
V-239755 Medium vSphere Client must have mappings set for Java servlet pages.
V-239754 Medium vSphere Client must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
V-239757 Medium vSphere Client must be configured with memory leak protection.
V-239756 Medium vSphere Client must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-239751 Medium vSphere Client must record user access in a format that enables monitoring of remote access.
V-239750 Medium vSphere Client must be configured to use the HTTPS scheme.
V-239753 Medium vSphere Client application files must be verified for their integrity.
V-239752 Medium vSphere Client must generate log records during Java startup and shutdown.
V-239759 Medium vSphere Client must ensure appropriate permissions are set on the keystore.
V-239758 Medium vSphere Client must not have any symbolic links in the web content directory tree.
V-239771 Medium vSphere Client must set the secure flag for cookies.
V-239770 Medium vSphere Client must disable the shutdown port.
V-239766 Medium vSphere Client must not enable support for TRACE requests.