UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide


Overview

Date Finding Count (33)
2023-10-29 CAT I (High): 0 CAT II (Med): 33 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Classified)

Finding ID Severity Title
V-259108 Medium The vCenter UI service must protect logs from unauthorized access.
V-259109 Medium The vCenter UI service must limit privileges for creating or modifying hosted application shared files.
V-259106 Medium The vCenter UI service must initiate session logging upon startup.
V-259107 Medium The vCenter UI service must produce log records containing sufficient information regarding event details.
V-259104 Medium The vCenter UI service must limit the number of maximum concurrent connections permitted.
V-259105 Medium The vCenter UI service cookies must have secure flag set.
V-259124 Medium The vCenter UI service shutdown port must be disabled.
V-259125 Medium The vCenter UI service debug parameter must be disabled.
V-259126 Medium The vCenter UI service directory listings parameter must be disabled.
V-259127 Medium The vCenter UI service deployXML attribute must be disabled.
V-259120 Medium The vCenter UI service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
V-259121 Medium The vCenter UI service must configure the "setCharacterEncodingFilter" filter.
V-259122 Medium The vCenter UI service cookies must have "http-only" flag set.
V-259123 Medium The vCenter UI service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
V-259128 Medium The vCenter UI service must have Autodeploy disabled.
V-259129 Medium The vCenter UI service xpoweredBy attribute must be disabled.
V-259119 Medium The vCenter UI service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
V-259118 Medium The vCenter UI service must enable "STRICT_SERVLET_COMPLIANCE".
V-259115 Medium The vCenter UI service "ErrorReportValve showServerInfo" must be set to "false".
V-259114 Medium The vCenter UI service must set URIEncoding to UTF-8.
V-259117 Medium The vCenter UI service must offload log records onto a different system or media from the system being logged.
V-259116 Medium The vCenter UI service must set an inactive timeout for sessions.
V-259111 Medium The vCenter UI service must be configured to use a specified IP address and port.
V-259110 Medium The vCenter UI service must disable stack tracing.
V-259113 Medium The vCenter UI service must be configured to fail to a known safe state if system initialization fails.
V-259112 Medium The vCenter UI service must be configured to limit data exposure between applications.
V-259136 Medium The vCenter UI service host-manager webapp must be removed.
V-259135 Medium The vCenter UI service manager webapp must be removed.
V-259134 Medium The vCenter UI service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
V-259133 Medium The vCenter UI service must disable "ALLOW_BACKSLASH".
V-259132 Medium The vCenter UI service default documentation must be removed.
V-259131 Medium The vCenter UI service default ROOT web application must be removed.
V-259130 Medium The vCenter UI service example applications must be removed.