STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must have Mutual CHAP configured for vSAN iSCSI targets.

DISA Rule

SV-216884r612237_rule

Vulnerability Number

V-216884

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000065

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Web Client go to Host and Clusters >> Select a Cluster >> Configure >> Virtual SAN >> iSCSI Targets

For each iSCSI Target select the item and click the pencil icon to open the edit dialog. Change the "Authentication" field to "Mutual CHAP" and configure the incoming and outgoing users and secrets appropriately.

Check Contents

If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.

From the vSphere Web Client go to Host and Clusters >> Select a Cluster >> Configure >> Virtual SAN >> iSCSI Targets

For each iSCSI Target select the item and click the pencil icon to open the edit dialog.

If the Authentication method is not set to "Mutual CHAP" and fully configured, this is a finding.

Vulnerability Number

V-216884

Documentable

False

Rule Version

VCWN-65-000065

Severity Override Guidance

If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.

From the vSphere Web Client go to Host and Clusters >> Select a Cluster >> Configure >> Virtual SAN >> iSCSI Targets

For each iSCSI Target select the item and click the pencil icon to open the edit dialog.

If the Authentication method is not set to "Mutual CHAP" and fully configured, this is a finding.

Check Content Reference

M

Target Key

4030

Comments