STIGQter: STIG Summary: VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 24 Jan 2020

The vCenter Server for Windows must have new Key Encryption Keys (KEKs) re-issued at regular intervals for vSAN encrypted datastore(s).

DISA Rule

SV-104665r1_rule

Vulnerability Number

V-94835

Group Title

SRG-OS-000480-VMM-002000

Rule Version

VCWN-65-000066

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

If vSAN encryption is in use, ensure that a regular re-key procedure is in place.

Check Contents

Interview the SA to determine that a procedure has been put in place to perform a shallow re-key of all vSAN encrypted datastores at regular, site-defined intervals.

VMware recommends a 60-day re-key task, but this interval must be defined by the SA and the ISSO.

If vSAN encryption is not in use, this is not a finding.

Documentable

False

Severity Override Guidance

Interview the SA to determine that a procedure has been put in place to perform a shallow re-key of all vSAN encrypted datastores at regular, site-defined intervals.

VMware recommends a 60-day re-key task, but this interval must be defined by the SA and the ISSO.

If vSAN encryption is not in use, this is not a finding.

Check Content Reference

M

Target Key

3487
