STIGQter: STIG Summary: VMware vSphere 6.5 Virtual Machine Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 25 Oct 2019:

Encryption must be enabled for vMotion on the virtual machine.

DISA Rule

SV-104481r1_rule

Vulnerability Number

V-94651

Group Title

SRG-OS-000480-VMM-002000

Rule Version

VMCH-65-000049

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Client select the Virtual Machine, right click and go to Edit Settings >> VM Options Tab >> Encryption >> Encrypted vMotion. Set the value to "Opportunistic" or "Required".

Check Contents

From the vSphere Web Client select the Virtual Machine, right click and go to Edit Settings >> VM Options Tab >> Encryption >> Encrypted vMotion.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -ne "opportunistic") -and ($_.ExtensionData.Config.MigrateEncryption -ne "required")}

If the setting does not have a value of "Opportunistic" or "Required", this is a finding.

Vulnerability Number

V-94651

Documentable

False

Rule Version

VMCH-65-000049

Severity Override Guidance

From the vSphere Web Client select the Virtual Machine, right click and go to Edit Settings >> VM Options Tab >> Encryption >> Encrypted vMotion.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -ne "opportunistic") -and ($_.ExtensionData.Config.MigrateEncryption -ne "required")}

If the setting does not have a value of "Opportunistic" or "Required", this is a finding.

Check Content Reference

M

Target Key

3489

Comments