STIGQter: STIG Summary: VMware vSphere 6.7 ESXi Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021: STIGQter: STIG Summary: VMware vSphere 6.7 ESXi Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:SV-239326r674907_rule
V-239326
SRG-OS-000480-VMM-002000
ESXI-67-000074
CAT I
10
From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings.
Find the "UserVars.ESXiVPsDisabledProtocols" value and set it to the following:
tlsv1,tlsv1.1,sslv3
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols | Set-AdvancedSetting -Value "tlsv1,tlsv1.1,sslv3"
A host reboot is required for changes to take effect.
From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings.
Find the "UserVars.ESXiVPsDisabledProtocols" value and verify that it is set to the following:
tlsv1,tlsv1.1,sslv3
If the value is not set as above or it does not exist, this is a finding.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols
If the value returned is not "tlsv1,tlsv1.1,sslv3" or the setting does not exist, this is a finding.
V-239326
False
ESXI-67-000074
From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings.
Find the "UserVars.ESXiVPsDisabledProtocols" value and verify that it is set to the following:
tlsv1,tlsv1.1,sslv3
If the value is not set as above or it does not exist, this is a finding.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name UserVars.ESXiVPsDisabledProtocols
If the value returned is not "tlsv1,tlsv1.1,sslv3" or the setting does not exist, this is a finding.
M
5326