STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021

The vCenter Server must have Mutual CHAP configured for vSAN iSCSI targets.

DISA Rule

SV-243120r719603_rule

Vulnerability Number

V-243120

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000065

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> iSCSI Target Service.

For each iSCSI target, select the item and click "Edit".

Change the "Authentication" field to "Mutual CHAP" and configure the incoming and outgoing users and secrets appropriately.

Check Contents

If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.

From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> iSCSI Target Service.

For each iSCSI target, review the value in the "Authentication" column.

If the Authentication method is not set to "CHAP_Mutual" for any iSCSI target, this is a finding.

Documentable

False

Severity Override Guidance

If no clusters are enabled for vSAN or if vSAN is enabled but iSCSI is not enabled, this is not applicable.

From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> iSCSI Target Service.

For each iSCSI target, review the value in the "Authentication" column.

If the Authentication method is not set to "CHAP_Mutual" for any iSCSI target, this is a finding.

Check Content Reference

M

Target Key

5399
