STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The vCenter Server for Windows must enable TLS 1.2 exclusively.

DISA Rule

SV-216876r612237_rule

Vulnerability Number

V-216876

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000057

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Download the VMware TLS Reconfigurator utility from my.vmware.com. Follow installation instructions for your vCenter platform according to VMware KB 2147469. Run the following commands.

Appliance:
1. /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc backup
2. /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLS1.2

Windows:
1. Open a command prompt and cd to C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator
2. Enter command "reconfigureVc backup" and press "Enter"
3. Enter command "reconfigureVc update -p TLS1.2" and press "Enter"

vCenter services will be restarted as part of the reconfiguration; the OS will not be restarted. You can add the --no-restart flag to restart services at a later time. Changes will not take effect until all services are restarted or the machine is rebooted.

Check Contents

Download the VMware TLS Reconfigurator utility from my.vmware.com. Follow installation instructions for your vCenter platform according to VMware KB 2147469.

Appliance:
1. /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc backup
2. /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc scan

Windows:
1. Open a command prompt and cd to C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator
2. Enter command "reconfigureVc scan" and press "Enter"

If the output indicates versions of TLS other than 1.2 are enabled, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4030
