STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide (Version: 1, Release: 1, Benchmark Date: 09 Mar 2021)

The vCenter Server must disable Password and Windows integrated authentication.

DISA Rule

SV-243116r719591_rule

Vulnerability Number

V-243116

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000061

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client go to Administration >> Single Sign-On >> Configuration >> Smart Card Authentication. Next to "Authentication methods", click "Edit". Click the "Enable smart card authentication" radio button and click "Save".

To re-enable password authentication for troubleshooting purposes, run the following command on the vCenter server:

/opt/vmware/bin/sso-config.sh -set_authn_policy -pwdAuthn true -winAuthn false -certAuthn false -securIDAuthn false -t vsphere.local

Check Contents

Note: For vCenter Server Windows, this is not applicable.

From the vSphere Client go to Administration >> Single Sign-On >> Configuration >> Smart Card Authentication.

If "Smart card authentication" is not enabled and "Password and windows session authentication" is not disabled, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5399
