STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must restrict access to the cryptographic role.

DISA Rule

SV-243118r719597_rule

Vulnerability Number

V-243118

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000063

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Client, go to Administration >> Access Control >> Roles.

Move any accounts not explicitly designated for cryptographic operations, other than Solution Users, to other roles such as "No Cryptography Administrator".

Check Contents

From the vSphere Client, go to Administration >> Access Control >> Roles.

or

From a PowerCLI command prompt while connected to the vCenter server, run the following command:

Get-VIPermission | Where {$_.Role -eq "Admin"} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto

If there are any users other than Solution Users with the "Administrator" role that are not explicitly designated for cryptographic operations, this is a finding.

Vulnerability Number

V-243118

Documentable

False

Rule Version

VCTR-67-000063

Severity Override Guidance

From the vSphere Client, go to Administration >> Access Control >> Roles.

or

From a PowerCLI command prompt while connected to the vCenter server, run the following command:

Get-VIPermission | Where {$_.Role -eq "Admin"} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto

If there are any users other than Solution Users with the "Administrator" role that are not explicitly designated for cryptographic operations, this is a finding.

Check Content Reference

M

Target Key

5399

Comments