UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware vSphere 7.0 VAMI Security Technical Implementation Guide


Overview

Date Finding Count (28)
2023-06-15 CAT I (High): 2 CAT II (Med): 26 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-256672 High VAMI must enable FIPS mode.
V-256646 High VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
V-256648 Medium VAMI must be configured to monitor remote access.
V-256649 Medium VAMI must generate log records for system startup and shutdown.
V-256668 Medium VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.
V-256669 Medium VAMI must force clients to select the most secure cipher.
V-256666 Medium VAMI must have debug logging disabled.
V-256667 Medium VAMI must be protected from being stopped by a nonprivileged user.
V-256664 Medium VAMI must disable directory browsing.
V-256665 Medium VAMI must not be configured to use "mod_status".
V-256662 Medium VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.
V-256645 Medium VAMI must limit the number of simultaneous requests.
V-256647 Medium VAMI must use cryptography to protect the integrity of remote sessions.
V-256650 Medium VAMI must produce log records containing sufficient information to establish what type of events occurred.
V-256663 Medium VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8.
V-256671 Medium VAMI must be configured to hide the server type and version in client responses.
V-256670 Medium VAMI must disable client-initiated Transport Layer Security (TLS) renegotiation.
V-256659 Medium VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.
V-256658 Medium VAMI must have resource mappings set to disable the serving of certain file types.
V-256660 Medium VAMI must prevent hosted applications from exhausting system resources.
V-256653 Medium VAMI server binaries and libraries must be verified for their integrity.
V-256652 Medium The rsyslog must be configured to monitor VAMI logs.
V-256651 Medium VAMI log files must only be accessible by privileged users.
V-256661 Medium VAMI must protect the keystore from unauthorized access.
V-256657 Medium VAMI must remove all mappings to unused scripts.
V-256656 Medium VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type".
V-256655 Medium VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.
V-256654 Medium VAMI must only load allowed server modules.