UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware vSphere 8.0 vCenter Appliance Perfcharts Security Technical Implementation Guide


Overview

Date Finding Count (33)
2023-10-29 CAT I (High): 0 CAT II (Med): 33 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-259102 Medium The vCenter Perfcharts service manager webapp must be removed.
V-259103 Medium The vCenter Perfcharts service host-manager webapp must be removed.
V-259100 Medium The vCenter Perfcharts service must disable "ALLOW_BACKSLASH".
V-259101 Medium The vCenter Perfcharts service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
V-259089 Medium The vCenter Perfcharts service cookies must have "http-only" flag set.
V-259088 Medium The vCenter Perfcharts service must configure the "setCharacterEncodingFilter" filter.
V-259083 Medium The vCenter Perfcharts service must set an inactive timeout for sessions.
V-259082 Medium The vCenter Perfcharts service "ErrorReportValve showServerInfo" must be set to "false".
V-259081 Medium The vCenter Perfcharts service must set URIEncoding to UTF-8.
V-259080 Medium The vCenter Perfcharts service must be configured to fail to a known safe state if system initialization fails.
V-259087 Medium The vCenter Perfcharts service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
V-259086 Medium The vCenter Perfcharts service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
V-259085 Medium The vCenter Perfcharts service must enable "STRICT_SERVLET_COMPLIANCE".
V-259084 Medium The vCenter Perfcharts service must offload log records onto a different system or media from the system being logged.
V-259072 Medium The vCenter Perfcharts service cookies must have secure flag set.
V-259073 Medium The vCenter Perfcharts service must initiate session logging upon startup.
V-259071 Medium The vCenter Perfcharts service must limit the number of maximum concurrent connections permitted.
V-259076 Medium The vCenter Perfcharts service must limit privileges for creating or modifying hosted application shared files.
V-259077 Medium The vCenter Perfcharts service must disable stack tracing.
V-259074 Medium The vCenter Perfcharts service must produce log records containing sufficient information regarding event details.
V-259075 Medium The vCenter Perfcharts service logs folder permissions must be set correctly.
V-259078 Medium The vCenter Perfcharts service must be configured to use a specified IP address and port.
V-259079 Medium The vCenter Perfcharts service must be configured to limit data exposure between applications.
V-259098 Medium The vCenter Perfcharts service default documentation must be removed.
V-259099 Medium The vCenter Perfcharts service files must have permissions in an out-of-the-box state.
V-259090 Medium The vCenter Perfcharts service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
V-259091 Medium The vCenter Perfcharts service shutdown port must be disabled.
V-259092 Medium The vCenter Perfcharts service debug parameter must be disabled.
V-259093 Medium The vCenter Perfcharts service directory listings parameter must be disabled.
V-259094 Medium The vCenter Perfcharts service deployXML attribute must be disabled.
V-259095 Medium The vCenter Perfcharts service must have Autodeploy disabled.
V-259096 Medium The vCenter Perfcharts service xpoweredBy attribute must be disabled.
V-259097 Medium The vCenter Perfcharts service example applications must be removed.