STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Mar 2021

The vCenter Server must disable Password and Windows integrated authentication.

DISA Rule

SV-243133r719642_rule

Vulnerability Number

V-243133

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000078

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Smart Card Authentication.

Next to "Authentication methods", click "Edit".

Click the "Enable smart card authentication" radio button and click "Save".

To reenable password authentication for troubleshooting purposes, run the following command on the vCenter server:

"C:\Program Files\VMware\VCenter server\VMware Identity Services\sso-config.bat" -set_authn_policy -pwdAuthn true -winAuthn false -certAuthn false -securIDAuthn false -t vsphere.local

Check Contents

Note: For vCenter Server Appliance, this is not applicable.

From the vSphere Client, go to Administration >> Single Sign-On >> Configuration >> Smart Card Authentication.

If "Smart card authentication" is not enabled and "Password and windows session authentication" is not disabled, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

5399
