UCF STIG Viewer Logo

VMware vSphere 8.0 vCenter Appliance ESX Agent Manager (EAM) Security Technical Implementation Guide


Overview

Date Finding Count (34)
2024-07-11 CAT I (High): 0 CAT II (Med): 34 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-259029 Medium The vCenter ESX Agent Manager service example applications must be removed.
V-259028 Medium The vCenter ESX Agent Manager service xpoweredBy attribute must be disabled.
V-259021 Medium The vCenter ESX Agent Manager service cookies must have the "http-only" flag set.
V-259020 Medium The vCenter ESX Agent Manager service must configure the "setCharacterEncodingFilter" filter.
V-259023 Medium The vCenter ESX Agent Manager service shutdown port must be disabled.
V-259022 Medium The vCenter ESX Agent Manager service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
V-259025 Medium The vCenter ESX Agent Manager service directory listings parameter must be disabled.
V-259024 Medium The vCenter ESX Agent Manager service debug parameter must be disabled.
V-259027 Medium The vCenter ESX Agent Manager service must have Autodeploy disabled.
V-259026 Medium The vCenter ESX Agent Manager service deployXML attribute must be disabled.
V-259003 Medium The vCenter ESX Agent Manager service must limit the number of maximum concurrent connections permitted.
V-259007 Medium The vCenter ESX Agent Manager service logs folder permissions must be set correctly.
V-259006 Medium The vCenter ESX Agent Manager service must produce log records containing sufficient information regarding event details.
V-259005 Medium The vCenter ESX Agent Manager service must initiate session logging upon startup.
V-259004 Medium The vCenter ESX Agent Manager service cookies must have secure flag set.
V-259009 Medium The vCenter ESX Agent Manager service must disable stack tracing.
V-259008 Medium The vCenter ESX Agent Manager service must limit privileges for creating or modifying hosted application shared files.
V-259010 Medium The vCenter ESX Agent Manager service must be configured to use a specified IP address and port.
V-259016 Medium The vCenter ESX Agent Manager service must offload log records onto a different system or media from the system being logged.
V-259012 Medium The vCenter ESX Agent Manager service must be configured to fail to a known safe state if system initialization fails.
V-259013 Medium The vCenter ESX Agent Manager service must set URIEncoding to UTF-8.
V-259014 Medium The vCenter ESX Agent Manager service "ErrorReportValve showServerInfo" must be set to "false".
V-259015 Medium The vCenter ESX Agent Manager service must set an inactive timeout for sessions.
V-259036 Medium The vCenter ESX Agent Manager service host-manager webapp must be removed.
V-259011 Medium The vCenter ESX Agent Manager service must be configured to limit data exposure between applications.
V-259034 Medium The vCenter ESX Agent Manager service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
V-259035 Medium The vCenter ESX Agent Manager service manager webapp must be removed.
V-259032 Medium The vCenter ESX Agent Manager service files must have permissions in an out-of-the-box state.
V-259033 Medium The vCenter ESX Agent Manager service must disable "ALLOW_BACKSLASH".
V-259030 Medium The vCenter ESX Agent Manager service default ROOT web application must be removed.
V-259017 Medium The vCenter ESX Agent Manager service must enable STRICT_SERVLET_COMPLIANCE.
V-259018 Medium The vCenter ESX Agent Manager service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
V-259019 Medium The vCenter ESX Agent Manager service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
V-259031 Medium The vCenter ESX Agent Manager service default documentation must be removed.