STIGQter: STIG Summary: VMware Automation 7.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The vRealize Automation server must be configured to perform complete application deployments.

DISA Rule

SV-99779r1_rule

Vulnerability Number

V-89129

Group Title

SRG-APP-000225-AS-000153

Rule Version

VRAU-AP-000315

Severity

CAT II

CCI(s)

• CCI-001190 - The information system fails to an organization-defined known-state for organization-defined types of failures.

Weight

10

Fix Recommendation

Develop a site policy to ensure deployments are completed before allowing users to use the production environment.

Check Contents

Obtain the site configuration control policy from the ISSO.

Review site procedures to determine if a site policy exists to verify vRA installation after release into a production environment. The site policy should ensure that the installation was a complete application deployment before users are allowed to conduct business.

If a site policy does not exist or is not being followed, this is a finding.

Vulnerability Number

V-89129

Documentable

False

Rule Version

VRAU-AP-000315

Severity Override Guidance

Obtain the site configuration control policy from the ISSO.

Review site procedures to determine if a site policy exists to verify vRA installation after release into a production environment. The site policy should ensure that the installation was a complete application deployment before users are allowed to conduct business.

If a site policy does not exist or is not being followed, this is a finding.

Check Content Reference

M

Target Key

3447

Comments