STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server must use unique service accounts when applications connect to vCenter.

DISA Rule

SV-243096r719531_rule

Vulnerability Number

V-243096

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000034

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.

When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.

Check Contents

Verify that each external application that connects to vCenter has a unique service account dedicated to that application.

For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.

Vulnerability Number

V-243096

Documentable

False

Rule Version

VCTR-67-000034

Severity Override Guidance

Verify that each external application that connects to vCenter has a unique service account dedicated to that application.

For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.

Check Content Reference

M

Target Key

5399

Comments