Checked | Name | Title |
---|---|---|
☐ | SV-243072r719459_rule | The vCenter Server must prohibit password reuse for a minimum of five generations. |
☐ | SV-243073r719462_rule | The vCenter Server must not automatically refresh client sessions. |
☐ | SV-243074r719465_rule | The vCenter Server must enforce a 60-day maximum password lifetime restriction. |
☐ | SV-243075r719468_rule | The vCenter Server must terminate management sessions after 10 minutes of inactivity. |
☐ | SV-243076r719471_rule | The vCenter Server users must have the correct roles assigned. |
☐ | SV-243077r719474_rule | The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC). |
☐ | SV-243078r719644_rule | The vCenter Server must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events. |
☐ | SV-243079r719480_rule | The vCenter Server must implement Active Directory authentication. |
☐ | SV-243080r719483_rule | The vCenter Server must limit the use of the built-in SSO administrative account. |
☐ | SV-243081r719486_rule | The vCenter Server must disable the distributed virtual switch health check. |
☐ | SV-243082r719489_rule | The vCenter Server must set the distributed port group Forged Transmits policy to reject. |
☐ | SV-243083r719492_rule | The vCenter Server must set the distributed port group MAC Address Change policy to reject. |
☐ | SV-243084r719495_rule | The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. |
☐ | SV-243085r719498_rule | The vCenter Server must only send NetFlow traffic to authorized collectors. |
☐ | SV-243086r719501_rule | The vCenter Server must configure all port groups to a value other than that of the native VLAN. |
☐ | SV-243087r719504_rule | The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. |
☐ | SV-243088r719507_rule | The vCenter Server must not configure all port groups to VLAN values reserved by upstream physical switches. |
☐ | SV-243089r719510_rule | The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. |
☐ | SV-243090r719513_rule | The vCenter Server must configure the vpxuser password meets length policy. |
☐ | SV-243091r719516_rule | The vCenter Server must disable the managed object browser (MOB) at all times when not required for troubleshooting or maintenance of managed objects. |
☐ | SV-243092r719519_rule | The vCenter Server must check the privilege reassignment after restarts. |
☐ | SV-243093r719522_rule | The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. |
☐ | SV-243094r719525_rule | The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. |
☐ | SV-243095r719528_rule | The vCenter Server must use a least-privileges assignment for the vCenter Server database user. |
☐ | SV-243096r719531_rule | The vCenter Server must use unique service accounts when applications connect to vCenter. |
☐ | SV-243097r719534_rule | vCenter Server plugins must be verified. |
☐ | SV-243098r719537_rule | The vCenter Server must produce audit records containing information to establish what type of events occurred. |
☐ | SV-243099r719540_rule | The vCenter Server passwords must be at least 15 characters in length. |
☐ | SV-243100r719543_rule | The vCenter Server passwords must contain at least one uppercase character. |
☐ | SV-243101r719546_rule | The vCenter Server passwords must contain at least one lowercase character. |
☐ | SV-243102r719549_rule | The vCenter Server passwords must contain at least one numeric character. |
☐ | SV-243103r719552_rule | The vCenter Server passwords must contain at least one special character. |
☐ | SV-243104r719555_rule | The vCenter Server must limit the maximum number of failed login attempts to three. |
☐ | SV-243105r719558_rule | The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes. |
☐ | SV-243106r719561_rule | The vCenter Server must require an administrator to unlock an account locked due to excessive login failures. |
☐ | SV-243107r719564_rule | The vCenter Server users must have the correct roles assigned. |
☐ | SV-243108r719567_rule | The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. |
☐ | SV-243109r719570_rule | The vCenter Server must enable the vSAN Health Check. |
☐ | SV-243110r719573_rule | The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. |
☐ | SV-243111r719576_rule | The vCenter Server must configure the vSAN Datastore name to a unique name. |
☐ | SV-243112r719579_rule | The vCenter Server must enable TLS 1.2 exclusively. |
☐ | SV-243113r719582_rule | The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority. |
☐ | SV-243114r719585_rule | The vCenter Server must enable certificate based authentication. |
☐ | SV-243115r719588_rule | The vCenter Server must enable revocation checking for certificate-based authentication. |
☐ | SV-243116r719591_rule | The vCenter Server must disable Password and Windows integrated authentication. |
☐ | SV-243117r719594_rule | The vCenter Server must enable the login banner for vSphere Client. |
☐ | SV-243118r719597_rule | The vCenter Server must restrict access to the cryptographic role. |
☐ | SV-243119r719600_rule | The vCenter Server must restrict access to cryptographic permissions. |
☐ | SV-243120r719603_rule | The vCenter Server must have Mutual CHAP configured for vSAN iSCSI targets. |
☐ | SV-243121r719606_rule | The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s). |
☐ | SV-243122r719609_rule | The vCenter Server must disable the Customer Experience Improvement Program (CEIP). |
☐ | SV-243123r719612_rule | The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. |
☐ | SV-243124r719615_rule | The vCenter Server must use a limited privilege account when adding an LDAP identity source. |
☐ | SV-243125r719618_rule | The vCenter Server must not automatically refresh client sessions. |
☐ | SV-243126r719621_rule | The vCenter Server must terminate management sessions after 10 minutes of inactivity. |
☐ | SV-243127r719624_rule | The vCenter Server services must be ran using a service account instead of a built-in Windows account. |
☐ | SV-243128r719627_rule | The vCenter Server must minimize access to the vCenter server. |
☐ | SV-243129r719630_rule | The vCenter Server Administrators must clean up log files after failed installations. |
☐ | SV-243130r719633_rule | The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. |
☐ | SV-243131r719636_rule | The vCenter Server Administrator role must be secured and assigned to specific users other than a Windows Administrator. |
☐ | SV-243132r719639_rule | The vCenter Server must enable TLS 1.2 exclusively. |
☐ | SV-243133r719642_rule | The vCenter Server must disable Password and Windows integrated authentication. |