STIGQter STIGQter: STIG Summary: VMware vSphere 6.5 Virtual Machine Security Technical Implementation Guide

Version: 1

Release: 2 Benchmark Date: 25 Oct 2019

CheckedNameTitle
SV-104393r1_ruleCopy operations must be disabled on the virtual machine.
SV-104395r1_ruleDrag and drop operations must be disabled on the virtual machine.
SV-104397r1_ruleGUI functionality for copy/paste operations must be disabled on the virtual machine.
SV-104399r1_rulePaste operations must be disabled on the virtual machine.
SV-104401r1_ruleVirtual disk shrinking must be disabled on the virtual machine.
SV-104403r2_ruleVirtual disk erasure must be disabled on the virtual machine.
SV-104405r1_ruleIndependent, non-persistent disks must be not be used on the virtual machine.
SV-104407r1_ruleHGFS file transfers must be disabled on the virtual machine.
SV-104409r1_ruleThe unexposed feature keyword isolation.tools.ghi.autologon.disable must be set on the virtual machine.
SV-104411r1_ruleThe unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set on the virtual machine.
SV-104413r1_ruleThe unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set on the virtual machine.
SV-104415r1_ruleThe unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set on the virtual machine.
SV-104423r1_ruleThe unexposed feature keyword isolation.ghi.host.shellAction.disable must be set on the virtual machine.
SV-104425r1_ruleThe unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set on the virtual machine.
SV-104427r1_ruleThe unexposed feature keyword isolation.tools.unity.disable must be set on the virtual machine.
SV-104429r1_ruleThe unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be set on the virtual machine.
SV-104431r1_ruleThe unexposed feature keyword isolation.tools.unity.push.update.disable must be set on the virtual machine.
SV-104433r1_ruleThe unexposed feature keyword isolation.tools.unity.taskbar.disable must be set on the virtual machine.
SV-104435r1_ruleThe unexposed feature keyword isolation.tools.unityActive.disable must be set on the virtual machine.
SV-104437r1_ruleThe unexposed feature keyword isolation.tools.unity.windowContents.disable must be set on the virtual machine.
SV-104439r1_ruleThe unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be set on the virtual machine.
SV-104441r1_ruleThe unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be set on the virtual machine.
SV-104443r1_ruleUnauthorized floppy devices must be disconnected on the virtual machine.
SV-104445r1_ruleUnauthorized CD/DVD devices must be disconnected on the virtual machine.
SV-104447r1_ruleUnauthorized parallel devices must be disconnected on the virtual machine.
SV-104449r1_ruleUnauthorized serial devices must be disconnected on the virtual machine.
SV-104451r1_ruleUnauthorized USB devices must be disconnected on the virtual machine.
SV-104453r1_ruleConsole connection sharing must be limited on the virtual machine.
SV-104455r1_ruleConsole access through the VNC protocol must be disabled on the virtual machine.
SV-104457r1_ruleInformational messages from the virtual machine to the VMX file must be limited on the virtual machine.
SV-104459r1_ruleUnauthorized removal, connection and modification of devices must be prevented on the virtual machine.
SV-104461r1_ruleThe virtual machine must not be able to obtain host information from the hypervisor.
SV-104463r1_ruleShared salt values must be disabled on the virtual machine.
SV-104465r1_ruleAccess to virtual machines through the dvfilter network APIs must be controlled.
SV-104467r1_ruleSystem administrators must use templates to deploy virtual machines whenever possible.
SV-104469r1_ruleUse of the virtual machine console must be minimized.
SV-104477r1_ruleThe virtual machine guest operating system must be locked when the last console connection is closed.
SV-104479r1_rule3D features on the virtual machine must be disabled when not required.
SV-104481r1_ruleEncryption must be enabled for vMotion on the virtual machine.