STIGQter STIGQter: STIG Summary: VMware Automation 7.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: The application server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.

DISA Rule

SV-99785r1_rule

Vulnerability Number

V-89135

Group Title

SRG-APP-000514-AS-000137

Rule Version

VRAU-AP-000645

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure vRA to use Smart Card Authentication with the following steps:

1. Set up smart card infrastructure as per VMware documentation, if required.
2. In vRA, go to Administration >> Directories Management >> Identity Providers.
3. Add the identity provider used for smart card authentication.
4. In vRA, go to Administration >> Directories Management >> Policies.
5. Edit default policy and change authentication method to "certificate".

Check Contents

Verify that Smart Card Authentication is in use with the following steps:

1. In vRA, go to Administration >> Directories Management >> Identity Providers.
2. Verify that the identity provider listed is the identity provider used for smart card authentication.
3. In vRA, go to Administration >> Directories Management >> Policies.
4. Verify that the default policy authentication method is set to "certificate".

If the identity provider listed is not that used for smart card authentication, this is a finding.

If the default policy authentication method is not set to "certificate", this is a finding.

Vulnerability Number

V-89135

Documentable

False

Rule Version

VRAU-AP-000645

Severity Override Guidance

Verify that Smart Card Authentication is in use with the following steps:

1. In vRA, go to Administration >> Directories Management >> Identity Providers.
2. Verify that the identity provider listed is the identity provider used for smart card authentication.
3. In vRA, go to Administration >> Directories Management >> Policies.
4. Verify that the default policy authentication method is set to "certificate".

If the identity provider listed is not that used for smart card authentication, this is a finding.

If the default policy authentication method is not set to "certificate", this is a finding.

Check Content Reference

M

Target Key

3447

Comments