STIGQter: STIG Summary: VMware ESXi Version 5 Virtual Machine Security Technical Implementation Guide Version: 1 Release: 7 Benchmark Date: 28 Jul 2017: The system must control virtual machine access to host resources.

DISA Rule

SV-51300r2_rule

Vulnerability Number

V-39442

Group Title

ESXi5-200

Rule Version

ESXI5-VM-000001

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the vCenter client, select the Datacenter/host. Right-click the VM and select Edit Settings to configure the virtual machine's memory and/or CPU limits, shares, and/or reservation(s). Appropriate values must be set for memory, CPU, advanced CPU, and disk variables. With the appropriate (site-specific) level selected for the VM, select the OK button to save any change(s).

Check Contents

Virtual machines (VMs) that have a greater risk of being exploited or attacked, or that run applications known to potentially consume resources must be constrained. From the vSphere Client/vCenter, select the Datacenter/host. Right-click the VM, select Edit Settings to check the virtual machine's memory and/or CPU shares, limits, and/or reservation(s). Appropriate values must be set for memory, CPU, advanced CPU, and disk variables. Care must be taken to ensure that the settings do not hamper dynamic resource allocation and management proper to virtualization systems.

If any host VMs do not have share, limit, and/or reservation setpoints initialized, as appropriate to their respective levels of the risk of exploit or attack, this is a finding.
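
The same review can be scripted across many VMs instead of opening Edit Settings one at a time. The following is an added example, not part of the STIG text: it assumes VMware PowerCLI with an existing Connect-VIServer session, covers CPU and memory only (not disk), and the function name and its "all defaults" criterion are this example's own assumptions.

```powershell
# Added example (not from the STIG): flag VMs whose CPU and memory shares,
# limits and reservations are all still at the vSphere defaults, so they can
# be reviewed against ESXI5-VM-000001. Appropriate values stay site-specific;
# a default setting is a prompt for review, not automatically a finding.
# Assumes VMware PowerCLI and an already-connected Connect-VIServer session.
function Get-VMResourceControlReview {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $VM
    )
    process {
        foreach ($cfg in ($VM | Get-VMResourceConfiguration)) {
            # -1 means "unlimited"; 0 means no reservation; Normal is the
            # default shares level. The MB properties are the ESXi 5-era
            # names; newer PowerCLI also exposes MemLimitGB/MemReservationGB.
            $cpuDefault = ($cfg.CpuLimitMhz -eq -1) -and
                          ($cfg.CpuReservationMhz -eq 0) -and
                          ("$($cfg.CpuSharesLevel)" -eq 'Normal')
            $memDefault = ($cfg.MemLimitMB -eq -1) -and
                          ($cfg.MemReservationMB -eq 0) -and
                          ("$($cfg.MemSharesLevel)" -eq 'Normal')

            [pscustomobject]@{
                VM                = $cfg.VM.Name
                CpuSharesLevel    = "$($cfg.CpuSharesLevel)"
                CpuLimitMhz       = $cfg.CpuLimitMhz
                CpuReservationMhz = $cfg.CpuReservationMhz
                MemSharesLevel    = "$($cfg.MemSharesLevel)"
                MemLimitMB        = $cfg.MemLimitMB
                MemReservationMB  = $cfg.MemReservationMB
                AllDefaults       = ($cpuDefault -and $memDefault)
            }
        }
    }
}

# Usage: list only the VMs that have never had a resource control set.
# Get-VM | Get-VMResourceControlReview | Where-Object { $_.AllDefaults } |
#     Sort-Object VM | Format-Table -AutoSize
```

VMs reported with AllDefaults set to True are the ones to compare against the site's risk assessment; higher-risk or resource-hungry VMs in that list are the candidates for a finding.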

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2438
