STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The vCenter Server for Windows must have new Key Encryption Keys (KEKs) re-issued at regular intervals for vSAN encrypted datastore(s).

DISA Rule

SV-216885r612237_rule

Vulnerability Number

V-216885

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000066

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If vSAN encryption is in use, ensure that a regular re-key procedure is in place.

Check Contents

Interview the SA to determine that a procedure has been put in place to perform a shallow re-key of all vSAN encrypted datastores at regular, site defined intervals.

VMware recommends a 60-day re-key task but this interval must be defined by the SA and the ISSO.

If vSAN encryption is not in use, this is not a finding.

Vulnerability Number

V-216885

Documentable

False

Rule Version

VCWN-65-000066

Severity Override Guidance

Interview the SA to determine that a procedure has been put in place to perform a shallow re-key of all vSAN encrypted datastores at regular, site defined intervals.

VMware recommends a 60-day re-key task but this interval must be defined by the SA and the ISSO.

If vSAN encryption is not in use, this is not a finding.

Check Content Reference

M

Target Key

4030

Comments