STIGQter STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server.

DISA Rule

SV-243110r719573_rule

Vulnerability Number

V-243110

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000054

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client, go to Hosts and Clusters >> vCenter Server >> Configure >> vSAN >> Internet Connectivity >> Edit.

If the HCL internet download is not required, ensure that "Status" is disabled.

If the HCL internet download is required, ensure that "Status" is enabled and a proxy host is appropriately configured.

Check Contents

If no clusters are enabled for vSAN, this is not applicable.

From the vSphere Client, go to Hosts and Clusters >> select the vCenter Server >> Configure >> vSAN >> Internet Connectivity.

If the HCL internet download is not required, verify that "Status" is disabled.

If the "Status" is enabled, this is a finding.

If the HCL internet download is required, verify that "Status" is enabled and a proxy host is configured.

If "Status" is enabled and a proxy is not configured, this is a finding.

Vulnerability Number

V-243110

Documentable

False

Rule Version

VCTR-67-000054

Severity Override Guidance

If no clusters are enabled for vSAN, this is not applicable.

From the vSphere Client, go to Hosts and Clusters >> select the vCenter Server >> Configure >> vSAN >> Internet Connectivity.

If the HCL internet download is not required, verify that "Status" is disabled.

If the "Status" is enabled, this is a finding.

If the HCL internet download is required, verify that "Status" is enabled and a proxy host is configured.

If "Status" is enabled and a proxy is not configured, this is a finding.

Check Content Reference

M

Target Key

5399

Comments