STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Mar 2021

The vCenter Server must enable TLS 1.2 exclusively.

DISA Rule

SV-243112r719579_rule

Vulnerability Number

V-243112

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000057

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

On the vCenter Server, execute the following commands:

# /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc backup
# /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator/reconfigureVc update -p TLS1.2

vCenter services will be restarted as part of the reconfiguration; the OS will not be restarted. You can add the --no-restart flag to restart services at a later time. Changes will not take effect until all services are restarted or the machine is rebooted.

Check Contents

Note: For vCenter Server Windows, this is not applicable.

On the vCenter Server, execute the following command:

# /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator scan

If the output indicates versions of TLS other than 1.2 are enabled, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

5399

Comments