STIGQter STIGQter: STIG Summary:

VMware Automation 7.x Application Security Technical Implementation Guide

Version: 1

Release: 1 Benchmark Date: 28 Sep 2018

SV-99775r1_rulevRA must enable FIPS Mode.
SV-99777r1_ruleThe vRealize Automation application must be configured to a 15 minute of less session timeout.
SV-99779r1_ruleThe vRealize Automation server must be configured to perform complete application deployments.
SV-99781r1_ruleThe vRealize Automation security file must be restricted to the vcac user.
SV-99783r1_ruleThe application server must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
SV-99785r1_ruleThe application server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
SV-99787r1_ruleThe vRealize Automation appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.