STIGQter: STIG Summary: VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.

DISA Rule

SV-239716r679258_rule

Vulnerability Number

V-239716

Group Title

SRG-APP-000014-WSR-000006

Rule Version

VCLD-67-000002

Severity

CAT I

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.
• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.
• CCI-002418 - The information system protects the confidentiality and/or integrity of transmitted information.

Weight

10

Fix Recommendation

Navigate to and open /etc/applmgmt/appliance/lighttpd.conf.

Add or reconfigure the following value:

ssl.cipher-list = "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES"

Check Contents

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "ssl.cipher-list"

Expected result:

ssl.cipher-list = "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES"

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239716

Documentable

False

Rule Version

VCLD-67-000002

Severity Override Guidance

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "ssl.cipher-list"

Expected result:

ssl.cipher-list = "!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES"

If the output does not match the expected result, this is a finding.

Check Content Reference

M

Target Key

5335

Comments