STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The vCenter Server for Windows must configure the vpxuser auto-password to be changed every 30 days.

DISA Rule

SV-216845r612237_rule

Vulnerability Number

V-216845

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000023

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Select the vCenter Server in the vSphere Web Client object hierarchy.
Click Configure.
Click Advanced Settings and enter VimPasswordExpirationInDays in the filter box.
Set "VirtualCenter.VimPasswordExpirationInDays" to "30".

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:

If the setting already exists:
Get-AdvancedSetting -Entity <vcenter server name> -Name VirtualCenter.VimPasswordExpirationInDays | Set-AdvancedSetting -Value 30

If the setting does not exist:
New-AdvancedSetting -Entity <vcenter server name> -Name VirtualCenter.VimPasswordExpirationInDays -Value 30

Check Contents

Select the vCenter Server in the vSphere Web Client object hierarchy.
Click Configure.
Click Advanced Settings and enter VimPasswordExpirationInDays in the filter box.
Verify "VirtualCenter.VimPasswordExpirationInDays" is set to "30".

or

From a PowerCLI command prompt while connected to the vCenter server, run the following command and verify it is set to 30:
Get-AdvancedSetting -Entity <vcenter server name> -Name VirtualCenter.VimPasswordExpirationInDays

If the "VirtualCenter.VimPasswordExpirationInDays" is set to a value other than "30" or does not exist, this is a finding.
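
The check and fix above combined into one PowerCLI script, as an added example that is not part of the STIG text: it reports the finding status and, only when run with -Remediate, applies whichever of the two fix commands fits. The script parameters ($VCenterName, -Remediate) and the Get-Finding helper are assumptions of this example, and an existing Connect-VIServer session is assumed.

```powershell
# Added example, not part of the STIG. Assumes VMware PowerCLI is loaded and
# Connect-VIServer has already been run against the vCenter Server.
# $VCenterName and -Remediate are parameters invented for this script.
param(
    [Parameter(Mandatory)] [string] $VCenterName,
    [switch] $Remediate
)

$SettingName = 'VirtualCenter.VimPasswordExpirationInDays'
$Required    = 30

# Classify a raw setting value the way the check text does:
# missing or any value other than 30 is a finding.
function Get-Finding {
    param($Value)
    if ($null -eq $Value)         { return 'Finding: setting does not exist' }
    if ("$Value" -ne "$Required") { return "Finding: value is '$Value', expected $Required" }
    return 'Not a finding'
}

# Read the current value; a missing setting yields no object.
$setting = Get-AdvancedSetting -Entity $VCenterName -Name $SettingName -ErrorAction SilentlyContinue
$value   = if ($setting) { $setting.Value } else { $null }
$status  = Get-Finding -Value $value
Write-Output "${SettingName}: $status"

if ($Remediate -and $status -ne 'Not a finding') {
    if ($setting) {
        # Setting exists with the wrong value: update it in place.
        $setting | Set-AdvancedSetting -Value $Required -Confirm:$false | Out-Null
    } else {
        # Setting is absent: create it.
        New-AdvancedSetting -Entity $VCenterName -Name $SettingName `
            -Value $Required -Confirm:$false | Out-Null
    }
    # Re-read so the reported result reflects what vCenter actually stored.
    $after = Get-AdvancedSetting -Entity $VCenterName -Name $SettingName
    Write-Output "After remediation: $(Get-Finding -Value $after.Value)"
}
```

Run without -Remediate for an audit-only pass; the output line can be captured as evidence for the check.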

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4030

Comments