STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must use unique service accounts when applications connect to vCenter.

DISA Rule

SV-216856r612237_rule

Vulnerability Number

V-216856

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000034

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

For applications sharing service accounts create a new service account to assign to the application so that no application shares a service account with another.

When standing up a new application that requires access to vCenter always create a new service account prior to installation and grant only the permissions needed for that application.

Check Contents

Verify that each external application that connects to vCenter has a unique service account dedicated to that application. For example there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.

Vulnerability Number

V-216856

Documentable

False

Rule Version

VCWN-65-000034

Severity Override Guidance

Verify that each external application that connects to vCenter has a unique service account dedicated to that application. For example there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.

Check Content Reference

M

Target Key

4030

Comments