STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 22 Jan 2021

The vCenter Server for Windows must restrict access to cryptographic role.

DISA Rule

SV-216882r612237_rule

Vulnerability Number

V-216882

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000063

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Web Client go to Administration >> Access Control >> Roles

Move any accounts not explicitly designated for cryptographic operations, other than Solution Users, to other roles such as "No Cryptography Administrator".

Check Contents

From the vSphere Web Client go to Administration >> Access Control >> Roles

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
Get-VIPermission | Where {$_.Role -eq "Admin"} | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto

If there are any users other than Solution Users with the "Administrator" role that are not explicitly designated for cryptographic operations, this is a finding.
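
The check above, automated as an added example (not part of the STIG text): it takes the objects returned by Get-VIPermission and reports only the "Admin" role holders that are neither Solution Users nor on a site-supplied list of designated cryptographic operators. The function name, the Solution User name prefixes and all sample principals are assumptions made for illustration.

```powershell
# Added example, not from the STIG. Get-CryptoRoleFinding is a hypothetical helper name.
function Get-CryptoRoleFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Permission,
        # Site-specific: principals explicitly designated for cryptographic operations
        [string[]]$DesignatedPrincipal = @(),
        # Assumption: Solution User account names begin with one of these prefixes
        [string[]]$SolutionUserPrefix = @('vpxd-', 'vpxd-extension-', 'vsphere-webclient-', 'machine-')
    )
    process {
        # Same filter as the check command on this page
        if ($Permission.Role -ne 'Admin') { return }
        # Drop the DOMAIN\ part before matching Solution User prefixes
        $name = ($Permission.Principal -split '\\')[-1]
        foreach ($prefix in $SolutionUserPrefix) {
            if ($name.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { return }
        }
        # -contains is case-insensitive, so EXAMPLE\User matches example\user
        if ($DesignatedPrincipal -contains $Permission.Principal) { return }
        # Anything left is a candidate finding; groups still need their membership reviewed
        $Permission | Select-Object Role, Principal, Entity, Propagate, IsGroup
    }
}

# Constructed sample rows shaped like Get-VIPermission output, so this runs without a vCenter
$sample = @(
    [pscustomobject]@{ Role = 'Admin'; Principal = 'VSPHERE.LOCAL\vpxd-extension-00000000-0000-0000-0000-000000000000'; Entity = 'Datacenters'; Propagate = $true; IsGroup = $false }
    [pscustomobject]@{ Role = 'Admin'; Principal = 'EXAMPLE\crypto-admin1'; Entity = 'Datacenters'; Propagate = $true; IsGroup = $false }
    [pscustomobject]@{ Role = 'Admin'; Principal = 'EXAMPLE\jdoe'; Entity = 'Datacenters'; Propagate = $true; IsGroup = $false }
    [pscustomobject]@{ Role = 'Admin'; Principal = 'EXAMPLE\vm-operators'; Entity = 'Datacenters'; Propagate = $true; IsGroup = $true }
    [pscustomobject]@{ Role = 'ReadOnly'; Principal = 'EXAMPLE\auditor1'; Entity = 'Datacenters'; Propagate = $true; IsGroup = $false }
)

$findings = @($sample | Get-CryptoRoleFinding -DesignatedPrincipal 'EXAMPLE\crypto-admin1')
$findings | Format-Table -AutoSize

# Against a live vCenter (after Connect-VIServer), replace $sample with Get-VIPermission:
#   Get-VIPermission | Get-CryptoRoleFinding -DesignatedPrincipal $designated
if ($findings.Count -gt 0) { Write-Warning "$($findings.Count) principal(s) to review for VCWN-65-000063" }
```

Group principals are reported as-is, so a flagged group still needs its membership compared against the designated list.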

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4030

Comments