UCF STIG Viewer Logo

VMware vSphere Virtual Machine Version 6 Security Technical Implementation Guide


Overview

Date Finding Count (43)
2015-12-09 CAT I (High): 3 CAT II (Med): 11 CAT III (Low): 29
STIG Description
The VMware vSphere Virtual Machine Version 6 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-64051 High The system must not use independent, non-persistent disks.
V-64049 High The system must disable virtual disk erasure.
V-64047 High The system must disable virtual disk shrinking.
V-64053 Medium The system must disable HGFS file transfers.
V-64115 Medium The system must not send host information to guests.
V-64113 Medium The system must prevent unauthorized removal, connection and modification of devices.
V-64111 Medium The system must prevent unauthorized removal, connection and modification of devices.
V-64099 Medium The system must disconnect unauthorized serial devices.
V-64093 Medium The system must disconnect unauthorized floppy devices.
V-64097 Medium The system must disconnect unauthorized parallel devices.
V-64101 Medium The system must disconnect unauthorized USB devices.
V-64103 Medium The system must limit sharing of console connections.
V-64123 Medium The system must minimize use of the VM console.
V-64105 Medium The system must disable console access through the VNC protocol.
V-64107 Low The system must disable tools auto install.
V-64071 Low The unexposed feature keyword isolation.tools.trashFolderState.disable must be set.
V-64117 Low The system must disable shared salt values.
V-64119 Low The system must control access to VMs through the dvfilter network APIs.
V-64079 Low The unexposed feature keyword isolation.tools.unity.push.update.disable must be set.
V-64059 Low The unexposed feature keyword isolation.tools.getCreds.disable must be set.
V-64055 Low The unexposed feature keyword isolation.tools.ghi.autologon.disable must be set.
V-64057 Low The unexposed feature keyword isolation.bios.bbs.disable must be set.
V-64073 Low The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set.
V-64075 Low The unexposed feature keyword isolation.tools.unity.disable must be set.
V-64091 Low The system must disable VIX messages from the VM.
V-64095 Low The system must disconnect unauthorized CD/DVD devices.
V-64077 Low The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be set.
V-63151 Low The system must explicitly disable copy operations.
V-64067 Low The unexposed feature keyword isolation.ghi.host.shellAction.disable must be set.
V-64065 Low The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set.
V-64063 Low The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set.
V-64061 Low The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set.
V-64069 Low The unexposed feature keyword isolation.tools.dispTopoRequest.disable must be set.
V-64109 Low The system must limit informational messages from the VM to the VMX file.
V-64045 Low The system must explicitly disable paste operations.
V-64041 Low The system must explicitly disable drag and drop operations.
V-64121 Low The system must use templates to deploy VMs whenever possible.
V-64043 Low The system must explicitly disable any GUI functionality for copy/paste operations.
V-64089 Low The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be set.
V-64081 Low The unexposed feature keyword isolation.tools.unity.taskbar.disable must be set.
V-64083 Low The unexposed feature keyword isolation.tools.unityActive.disable must be set.
V-64085 Low The unexposed feature keyword isolation.tools.unity.windowContents.disable must be set.
V-64087 Low The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be set.