STIGQter: STIG Summary: VMware ESXi Server 5.0 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 27 Jan 2017: The system must enable bidirectional CHAP authentication for iSCSI traffic.

DISA Rule

SV-51114r1_rule

Vulnerability Number

V-39298

Group Title

SRG-OS-99999-ESXI5

Rule Version

SRG-OS-99999-ESXI5-000141

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

In the vSphere Client, select the host, and then choose: Configuration >> Storage Adaptors >> iSCSI Initiator Properties >> CHAP >> CHAP (Target Authenticates Host). Select "Use Chap", and configure the "Name" and "Secret" options.

Check Contents

This check applies to the use of iSCSI storage. If iSCSI storage is not used, this check is not applicable.
In the vSphere Client, select the host, and then choose: Configuration - Storage Adaptors - iSCSI Initiator Properties - CHAP - CHAP (Target Authenticates Host) - determine if "Use Chap" is selected with a "Name" and a "Secret" configured.
If iSCSI storage is used and "Use CHAP" is not selected and configured with a "Name" and a "Secret", this is a finding.

Vulnerability Number

V-39298

Documentable

False

Rule Version

SRG-OS-99999-ESXI5-000141

Severity Override Guidance

This check applies to the use of iSCSI storage. If iSCSI storage is not used, this check is not applicable.
In the vSphere Client, select the host, and then choose: Configuration - Storage Adaptors - iSCSI Initiator Properties - CHAP - CHAP (Target Authenticates Host) - determine if "Use Chap" is selected with a "Name" and a "Secret" configured.
If iSCSI storage is used and "Use CHAP" is not selected and configured with a "Name" and a "Secret", this is a finding.

Check Content Reference

M

Target Key

2370

Comments