STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The vCenter Server users must have the correct roles assigned.

DISA Rule

SV-243107r719564_rule

Vulnerability Number

V-243107

Group Title

SRG-APP-000233

Rule Version

VCTR-67-000051

Severity

CAT II

CCI(s)

• CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

10

Fix Recommendation

To create a new role with specific permissions:

From the vSphere Client, go to Administration >> Access Control >> Roles.

Click the plus sign, enter a name for the role, and select only the specific permissions required.

Users can then be assigned to the newly created role.

Check Contents

From the vSphere Client, go to Administration >> Access Control >> Roles.

View each role and verify the users and/or groups assigned to it.

or

From a PowerCLI command prompt while connected to the vCenter server, run the following command:

Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto

Application service account and user required privileges should be documented.

If any user or service account has more privileges than required, this is a finding.

Vulnerability Number

V-243107

Documentable

False

Rule Version

VCTR-67-000051

Severity Override Guidance

From the vSphere Client, go to Administration >> Access Control >> Roles.

View each role and verify the users and/or groups assigned to it.

or

From a PowerCLI command prompt while connected to the vCenter server, run the following command:

Get-VIPermission | Sort Role | Select Role,Principal,Entity,Propagate,IsGroup | FT -Auto

Application service account and user required privileges should be documented.

If any user or service account has more privileges than required, this is a finding.

Check Content Reference

M

Target Key

5399

Comments