STIGQter: STIG Summary:

VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide

Version: 1

Release: 1

Benchmark Date: 09 Mar 2021

SV-239743r679456_rule: vSphere Client must limit the amount of time that each TCP connection is kept alive.
SV-239744r679459_rule: vSphere Client must limit the number of concurrent connections permitted.
SV-239745r679462_rule: vSphere Client must limit the maximum size of a POST request.
SV-239746r679465_rule: vSphere Client must protect cookies from XSS.
SV-239747r679468_rule: vSphere Client must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
SV-239748r679471_rule: vSphere Client must be configured to enable SSL/TLS.
SV-239749r679474_rule: vSphere Client must be configured to only communicate over TLS 1.2.
SV-239750r679477_rule: vSphere Client must be configured to use the HTTPS scheme.
SV-239751r679542_rule: vSphere Client must record user access in a format that enables monitoring of remote access.
SV-239752r679483_rule: vSphere Client must generate log records during Java startup and shutdown.
SV-239753r679486_rule: vSphere Client application files must be verified for their integrity.
SV-239754r679489_rule: vSphere Client must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
SV-239755r679492_rule: vSphere Client must have mappings set for Java servlet pages.
SV-239756r679495_rule: vSphere Client must not have the Web Distributed Authoring (WebDAV) servlet installed.
SV-239757r679498_rule: vSphere Client must be configured with memory leak protection.
SV-239758r679501_rule: vSphere Client must not have any symbolic links in the web content directory tree.
SV-239759r679504_rule: vSphere Client must ensure appropriate permissions are set on the keystore.
SV-239760r679507_rule: vSphere Client directory tree must have permissions in an "out-of-the-box" state.
SV-239761r679510_rule: vSphere Client must limit the number of allowed connections.
SV-239762r679513_rule: vSphere Client must set "URIEncoding" to UTF-8.
SV-239763r679516_rule: vSphere Client must set the "welcome-file" node to a default web page.
SV-239764r679519_rule: vSphere Client must not show directory listings.
SV-239765r679522_rule: vSphere Client must be configured to show error pages with minimal information.
SV-239766r679525_rule: vSphere Client must not enable support for TRACE requests.
SV-239767r679528_rule: vSphere Client must have the debug option turned off.
SV-239768r679531_rule: Rsyslog must be configured to monitor and ship vSphere Client log files.
SV-239769r679534_rule: vSphere Client must be configured with the appropriate ports.
SV-239770r679537_rule: vSphere Client must disable the shutdown port.
SV-239771r679540_rule: vSphere Client must set the secure flag for cookies.