VMware vSphere 7.0 VAMI Security Technical Implementation Guide


Date: 2023-06-15
Finding Count (28): CAT I (High): 2, CAT II (Med): 26, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-256672 High VAMI must enable FIPS mode.
V-256646 High VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
V-256648 Medium VAMI must be configured to monitor remote access.
V-256649 Medium VAMI must generate log records for system startup and shutdown.
V-256668 Medium VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.
V-256669 Medium VAMI must force clients to select the most secure cipher.
V-256666 Medium VAMI must have debug logging disabled.
V-256667 Medium VAMI must be protected from being stopped by a nonprivileged user.
V-256664 Medium VAMI must disable directory browsing.
V-256665 Medium VAMI must not be configured to use "mod_status".
V-256662 Medium VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.
V-256645 Medium VAMI must limit the number of simultaneous requests.
V-256647 Medium VAMI must use cryptography to protect the integrity of remote sessions.
V-256650 Medium VAMI must produce log records containing sufficient information to establish what type of events occurred.
V-256663 Medium VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8.
V-256671 Medium VAMI must be configured to hide the server type and version in client responses.
V-256670 Medium VAMI must disable client-initiated Transport Layer Security (TLS) renegotiation.
V-256659 Medium VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-256658 Medium VAMI must have resource mappings set to disable the serving of certain file types.
V-256660 Medium VAMI must prevent hosted applications from exhausting system resources.
V-256653 Medium VAMI server binaries and libraries must be verified for their integrity.
V-256652 Medium The rsyslog must be configured to monitor VAMI logs.
V-256651 Medium VAMI log files must only be accessible by privileged users.
V-256661 Medium VAMI must protect the keystore from unauthorized access.
V-256657 Medium VAMI must remove all mappings to unused scripts.
V-256656 Medium VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type".
V-256655 Medium VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.
V-256654 Medium VAMI must only load allowed server modules.