UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide


Overview

Date Finding Count (34)
2023-10-29 CAT I (High): 0 CAT II (Med): 34 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-259029 Medium The vCenter ESX Agent Manager service example applications must be removed.
V-259028 Medium The vCenter ESX Agent Manager service xpoweredBy attribute must be disabled.
V-259021 Medium The vCenter ESX Agent Manager service cookies must have the "http-only" flag set.
V-259020 Medium The vCenter ESX Agent Manager service must configure the "setCharacterEncodingFilter" filter.
V-259023 Medium The vCenter ESX Agent Manager service shutdown port must be disabled.
V-259022 Medium The vCenter ESX Agent Manager service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
V-259025 Medium The vCenter ESX Agent Manager service directory listings parameter must be disabled.
V-259024 Medium The vCenter ESX Agent Manager service debug parameter must be disabled.
V-259027 Medium The vCenter ESX Agent Manager service must have Autodeploy disabled.
V-259026 Medium The vCenter ESX Agent Manager service deployXML attribute must be disabled.
V-259003 Medium The vCenter ESX Agent Manager service must limit the number of maximum concurrent connections permitted.
V-259007 Medium The vCenter ESX Agent Manager service logs folder permissions must be set correctly.
V-259006 Medium The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
V-259005 Medium The vCenter ESX Agent Manager service must initiate session logging upon startup.
V-259004 Medium The vCenter ESX Agent Manager service cookies must have secure flag set.
V-259009 Medium The vCenter ESX Agent Manager service must disable stack tracing.
V-259008 Medium The vCenter ESX Agent Manager service must limit privileges for creating or modifying hosted application shared files.
V-259010 Medium The vCenter ESX Agent Manager service must be configured to use a specified IP address and port.
V-259016 Medium The vCenter ESX Agent Manager service must offload log records onto a different system or media from the system being logged.
V-259012 Medium The vCenter ESX Agent Manager service must be configured to fail to a known safe state if system initialization fails.
V-259013 Medium The vCenter ESX Agent Manager service must set URIEncoding to UTF-8.
V-259014 Medium The vCenter ESX Agent Manager service "ErrorReportValve showServerInfo" must be set to "false".
V-259015 Medium The vCenter ESX Agent Manager service must set an inactive timeout for sessions.
V-259036 Medium The vCenter ESX Agent Manager service host-manager webapp must be removed.
V-259011 Medium The vCenter ESX Agent Manager service must be configured to limit data exposure between applications.
V-259034 Medium The vCenter ESX Agent Manager service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
V-259035 Medium The vCenter ESX Agent Manager service manager webapp must be removed.
V-259032 Medium The vCenter ESX Agent Manager service files must have permissions in an out-of-the-box state.
V-259033 Medium The vCenter ESX Agent Manager service must disable "ALLOW_BACKSLASH".
V-259030 Medium The vCenter ESX Agent Manager service default ROOT web application must be removed.
V-259017 Medium The vCenter ESX Agent Manager service must enable STRICT_SERVLET_COMPLIANCE.
V-259018 Medium The vCenter ESX Agent Manager service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
V-259019 Medium The vCenter ESX Agent Manager service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
V-259031 Medium The vCenter ESX Agent Manager service default documentation must be removed.