STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must enable SSL for Network File Copy (NFC).

DISA Rule

SV-216843r612237_rule

Vulnerability Number

V-216843

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000021

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings. Click "Edit" and edit the "config.nfc.useSSL" value to "true" or if the value does not exist create it by entering the values in the "Key" and "Value" fields and clicking "Add".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

If the setting already exists:
Get-AdvancedSetting -Entity <vcenter server name> -Name config.nfc.useSSL | Set-AdvancedSetting -Value true

If the setting does not exist:
New-AdvancedSetting -Entity <vcenter server name> -Name config.nfc.useSSL -Value true

Check Contents

From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings.

Verify that config.nfc.useSSL is set to "true".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
Get-AdvancedSetting -Entity <vcenter server name> -Name config.nfc.useSSL

Verify "config.nfc.useSSL" is set to "true".

If the "config.nfc.useSSL" is set to a value other than "true" or does not exist, this is a finding.

Vulnerability Number

V-216843

Documentable

False

Rule Version

VCWN-65-000021

Severity Override Guidance

From the vSphere Web Client go to vCenter Inventory Lists >> vCenter Servers >> Select your vCenter Server >> Manage >> Settings >> Advanced Settings.

Verify that config.nfc.useSSL is set to "true".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
Get-AdvancedSetting -Entity <vcenter server name> -Name config.nfc.useSSL

Verify "config.nfc.useSSL" is set to "true".

If the "config.nfc.useSSL" is set to a value other than "true" or does not exist, this is a finding.

Check Content Reference

M

Target Key

4030

Comments