STIGQter: STIG Summary: VMware vCenter Server Version 5 Security Technical Implementation Guide
Version: 1 Release: 7 Benchmark Date: 22 Apr 2016

The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server.

DISA Rule

SV-51407r1_rule

Vulnerability Number

V-39549

Group Title

ESXi5-408

Rule Version

VCENTER-000009

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Update Manager Server to use a separate Update Manager Download Server; the use of physical media to transfer updated files to the Update Manager server (air-gap model) must be enforced and documented with organization policies. Configure the Update Manager Download Server and enable the Download Service. Patches must not be directly accessible to the Update Manager Server application from the Internet.

Check Contents

Check the following conditions:
The Update Manager must be configured to use the Update Manager Download Server.
The use of physical media to transfer update files to the Update Manager server (air-gap model example: separate Update Manager Download Server which may source vendor patches externally via the Internet versus an internal, organization defined source) must be enforced with site policies.

If all of the above conditions are not met, this is a finding.

Documentable

False

Severity Override Guidance

Check the following conditions:
The Update Manager must be configured to use the Update Manager Download Server.
The use of physical media to transfer update files to the Update Manager server (air-gap model example: separate Update Manager Download Server which may source vendor patches externally via the Internet versus an internal, organization defined source) must be enforced with site policies.

If all of the above conditions are not met, this is a finding.

Check Content Reference

M

Target Key

2435

Comments