Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not use the IPv6 network stack unless needed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63307 | ESXI-06-000069 | SV-77797r1_rule | Medium |
| Description |
|---|
| IPv6 is the next version of the Internet protocol. Binding this protocol to the network stack increases the attack surface of the host. |
| STIG | Date |
|---|---|
| VMware vSphere ESXi 6.0 Security Technical Implementation Guide | 2016-06-07 |
Details
| Check Text ( C-64041r1_chk ) |
|---|
| From the vSphere Client select the ESXi Host and go to Configuration >> Networking >> Properties. Verify IPv6 is not enabled. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-VMHostNetwork | Select VMHost,IPv6Enabled If IPv6 is enabled and not in use, this is a finding. |
| Fix Text (F-69225r1_fix) |
|---|
| From the vSphere Client select the ESXi Host and go to Configuration >> Networking >> Properties. Uncheck IPv6 and reboot the host. or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-VMHostNetwork | Set-VMHostNetwork -IPv6Enabled $false |