STIGQter: STIG Summary: VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018

The application server must remove all export ciphers to protect the confidentiality and integrity of transmitted information.

DISA Rule

SV-100931r1_rule

Vulnerability Number

V-90281

Group Title

SRG-APP-000439-AS-000274

Rule Version

VRAU-VA-000660

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enable FIPS mode in the vRealize Automation virtual appliance management interface with the following steps:

1. Log into the vRealize Automation virtual appliance management interface (vAMI).
https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Click the button under the Actions heading on the upper right to enable or disable FIPS.
4. Click "Yes" to restart the vRealize Automation appliance.

Alternately, enable FIPS mode in the command line using the following steps:
1. Log into the console as root.
2. Run the command: vcac-vami fips enable

Check Contents

Check that FIPS mode is enabled in the vRealize Automation virtual appliance management interface with the following steps:

1. Log into the vRealize Automation virtual appliance management interface (vAMI).
https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Review the button under the Actions heading on the upper right to confirm that "enable FIPS" is selected.

If "enable FIPS" is not selected, this is a finding.

Alternately, check that FIPS mode is enabled in the command line using the following steps:

1. Log into the console as root.
2. Run the command: vcac-vami fips status

If FIPS is not enabled, this is a finding.

Documentable

False

Severity Override Guidance

Check that FIPS mode is enabled in the vRealize Automation virtual appliance management interface with the following steps:

1. Log into the vRealize Automation virtual appliance management interface (vAMI).
https://vrealize-automation-appliance-FQDN:5480
2. Select vRA Settings >> Host Settings.
3. Review the button under the Actions heading on the upper right to confirm that "enable FIPS" is selected.

If "enable FIPS" is not selected, this is a finding.

Alternately, check that FIPS mode is enabled in the command line using the following steps:

1. Log into the console as root.
2. Run the command: vcac-vami fips status

If FIPS is not enabled, this is a finding.

Check Content Reference

M

Target Key

3449

Comments