STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server.

DISA Rule

SV-216853r612237_rule

Vulnerability Number

V-216853

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000031

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the Update Manager Server to use a separate Update Manager Download Server; the use of physical media to transfer update files to the Update Manager server (air gap model) must be enforced and documented in organization policies. Configure the Update Manager Download Server and enable the Download Service. Patches must not be directly accessible to the Update Manager Server application from the Internet.

To configure a Web server or local disk repository as a download source (i.e., "Direct connection to Internet" must not be selected as the source), from the vSphere Client/vCenter Server system, click "Update Manager" under "Solutions and Applications". On the "Configuration" tab, under "Settings", click "Download Settings". In the "Download Sources" pane, select "Use a shared repository". Enter the <site-specific> path or the URL to the shared repository. Click "Validate URL" to validate the path. Click "Apply".

Check Contents

Check the following conditions:
The Update Manager must be configured to use the Update Manager Download Server.
The use of physical media to transfer update files to the Update Manager server must be enforced by site policies (air gap model example: a separate Update Manager Download Server that sources vendor patches externally via the Internet, as opposed to an internal, organization-defined source).

Verify the Update Manager download source is not the Internet.
To verify download settings, from the vSphere Client/vCenter Server system, click "Update Manager" under "Solutions and Applications".
On the "Configuration" tab, under "Settings", click "Download Settings". In the "Download Sources" pane, verify "Direct connection to Internet" is not selected.

If "Direct connection to Internet" is configured, this is a finding.

If any of the above conditions is not met, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

4030
