STIGQter: STIG Summary: VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

Patches, service packs, and upgrades to the vAMI must be verifiably signed using a digital certificate that is recognized and approved by the organization.

DISA Rule

SV-100861r1_rule

Vulnerability Number

V-90211

Group Title

SRG-APP-000131-AS-000002

Rule Version

VRAU-VA-000170

Severity

CAT II

CCI(s)

• CCI-001749 - The information system prevents the installation of organization-defined software components without verification the software component has been digitally signed using a certificate that is recognized and approved by the organization.

Weight

10

Fix Recommendation

Develop and implement a site procedure to verify the digital signature of the vAMI files prior to being installed on a production system.

Check Contents

Interview the ISSO and/or the SA.

Determine if there is a local procedure to verify the digital signature of the vAMI files prior to being installed on a production system.

If a procedure does not exist or is not being followed, this is a finding.

Vulnerability Number

V-90211

Documentable

False

Rule Version

VRAU-VA-000170

Severity Override Guidance

Interview the ISSO and/or the SA.

Determine if there is a local procedure to verify the digital signature of the vAMI files prior to being installed on a production system.

If a procedure does not exist or is not being followed, this is a finding.

Check Content Reference

M

Target Key

3449

Comments