Virtual guest operating systems must be registered in a vulnerability and asset management system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-40193 | WN12-GE-000011 | SV-52151r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Virtual guest operating systems share the same vulnerabilities as operating systems running on dedicated hardware and must be individually assessed for security guidance compliance. The VMS used may be DISA VMS or a similar vulnerability and asset management system. |
| STIG | Date |
|---|---|
| Windows Server 2012 Domain Controller Security Technical Implementation Guide | 2014-01-07 |
Details
| Check Text ( C-46949r1_chk ) |
|---|
| If no virtual guest operating systems exist, this is NA. Determine if virtual guest operating systems have been registered in a vulnerability and asset management system as separate assets. If they have not, this is a finding. |
| Fix Text (F-45176r1_fix) |
|---|
| Register all virtual guest operating systems as separate assets in a vulnerability and asset management system. |