STIGQter: STIG Summary: VMware Automation 7.x Application Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The application server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.

DISA Rule

SV-99785r1_rule

Vulnerability Number

V-89135

Group Title

SRG-APP-000514-AS-000137

Rule Version

VRAU-AP-000645

Severity

CAT II

CCI(s)

• CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.

Weight

10

Fix Recommendation

Configure vRA to use Smart Card Authentication with the following steps:

1. Set up smart card infrastructure as per VMware documentation, if required.
2. In vRA, go to Administration >> Directories Management >> Identity Providers.
3. Add the identity provider used for smart card authentication.
4. In vRA, go to Administration >> Directories Management >> Policies.
5. Edit default policy and change authentication method to "certificate".

Check Contents

Verify that Smart Card Authentication is in use with the following steps:

1. In vRA, go to Administration >> Directories Management >> Identity Providers.
2. Verify that the identity provider listed is the identity provider used for smart card authentication.
3. In vRA, go to Administration >> Directories Management >> Policies.
4. Verify that the default policy authentication method is set to "certificate".

If the identity provider listed is not that used for smart card authentication, this is a finding.

If the default policy authentication method is not set to "certificate", this is a finding.

Vulnerability Number

V-89135

Documentable

False

Rule Version

VRAU-AP-000645

Severity Override Guidance

Verify that Smart Card Authentication is in use with the following steps:

1. In vRA, go to Administration >> Directories Management >> Identity Providers.
2. Verify that the identity provider listed is the identity provider used for smart card authentication.
3. In vRA, go to Administration >> Directories Management >> Policies.
4. Verify that the default policy authentication method is set to "certificate".

If the identity provider listed is not that used for smart card authentication, this is a finding.

If the default policy authentication method is not set to "certificate", this is a finding.

Check Content Reference

M

Target Key

3447

Comments