STIGQter: STIG Summary: VMware vSphere 6.7 Virtual Machine Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Mar 2021

Encryption must be enabled for vMotion on the virtual machine.

DISA Rule

SV-242469r717088_rule

Vulnerability Number

V-242469

Group Title

SRG-OS-000480-VMM-002000

Rule Version

VMCH-67-000024

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client select the Virtual Machine, right click and go to Edit Settings >> VM Options Tab >> Encryption >> Encrypted vMotion. Set the value to "Opportunistic" or "Required".

Check Contents

From the vSphere Web Client select the Virtual Machine, right click and go to Edit Settings >> VM Options Tab >> Encryption >> Encrypted vMotion.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM | Where {($_.ExtensionData.Config.MigrateEncryption -ne "opportunistic") -and ($_.ExtensionData.Config.MigrateEncryption -ne "required")}

If the setting does not have a value of "Opportunistic" or "Required", this is a finding.
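The check above only lists non-compliant VMs. The following added example (not part of the STIG text) reports the Encrypted vMotion value for each VM and, if not run with -WhatIf, sets non-compliant VMs to a compliant value. It assumes VMware PowerCLI is installed and Connect-VIServer has already been run; the function name Set-StigEncryptedVMotion is hypothetical.

```powershell
# Added example, not STIG text. Assumes an existing PowerCLI session
# (Connect-VIServer). The function name is hypothetical.
function Set-StigEncryptedVMotion {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Value applied to non-compliant VMs; the check accepts either one.
        [ValidateSet('opportunistic', 'required')]
        [string]$Mode = 'opportunistic',

        # VMs to evaluate; defaults to every VM visible in the session.
        [Parameter(ValueFromPipeline = $true)]
        [object[]]$VM = (Get-VM)
    )
    process {
        $allowed = @('opportunistic', 'required')
        foreach ($machine in $VM) {
            $view    = Get-View -VIObject $machine
            $before  = $view.Config.MigrateEncryption
            $current = $before

            # A missing value or "disabled" is a finding, as in the check.
            if ($current -notin $allowed -and
                $PSCmdlet.ShouldProcess($machine.Name, "Set Encrypted vMotion to '$Mode'")) {
                $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
                $spec.MigrateEncryption = $Mode
                $view.ReconfigVM($spec)      # waits for the reconfigure to finish
                $view.UpdateViewData()       # re-read the applied setting
                $current = $view.Config.MigrateEncryption
            }

            # One result row per VM, suitable for Export-Csv as audit evidence.
            [pscustomobject]@{
                VM      = $machine.Name
                Before  = $before
                Current = $current
                Finding = ($current -notin $allowed)
            }
        }
    }
}

# Report only, no changes:   Set-StigEncryptedVMotion -WhatIf
# Remediate a single VM:     Get-VM -Name 'vm01' | Set-StigEncryptedVMotion -Mode required
```

With -WhatIf the Finding column matches the output of the check command; 'vm01' is a placeholder VM name.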

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5327
