| Checked | Name | Title |
|---|
| ☐ | SV-216825r612237_rule | The vCenter Server for Windows must prohibit password reuse for a minimum of five generations. |
| ☐ | SV-216826r612237_rule | The vCenter Server for Windows must not automatically refresh client sessions. |
| ☐ | SV-216827r612237_rule | The vCenter Server for Windows must enforce a 60-day maximum password lifetime restriction. |
| ☐ | SV-216828r612237_rule | The vCenter Server for Windows must terminate management sessions after 10 minutes of inactivity. |
| ☐ | SV-216829r612237_rule | The vCenter Server for Windows users must have the correct roles assigned. |
| ☐ | SV-216830r612237_rule | The vCenter Server for Windows must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of Denial of Service (DoS) attacks by enabling Network I/O Control (NIOC). |
| ☐ | SV-216831r612237_rule | The vCenter Server for Windows must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events. |
| ☐ | SV-216832r612237_rule | The vCenter Server for Windows must use Active Directory authentication. |
| ☐ | SV-216833r612237_rule | The vCenter Server for Windows must limit the use of the built-in SSO administrative account. |
| ☐ | SV-216834r612237_rule | The vCenter Server for Windows must disable the distributed virtual switch health check. |
| ☐ | SV-216835r612237_rule | The vCenter Server for Windows must set the distributed port group Forged Transmits policy to reject. |
| ☐ | SV-216836r612237_rule | The vCenter Server for Windows must set the distributed port group MAC Address Change policy to reject. |
| ☐ | SV-216837r612237_rule | The vCenter Server for Windows must set the distributed port group Promiscuous Mode policy to reject. |
| ☐ | SV-216838r612237_rule | The vCenter Server for Windows must only send NetFlow traffic to authorized collectors. |
| ☐ | SV-216839r612237_rule | The vCenter Server for Windows must not override port group settings at the port level on distributed switches. |
| ☐ | SV-216840r612237_rule | The vCenter Server for Windows must configure all port groups to a value other than that of the native VLAN. |
| ☐ | SV-216841r612237_rule | The vCenter Server for Windows must configure all port groups to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. |
| ☐ | SV-216842r612237_rule | The vCenter Server for Windows must not configure all port groups to VLAN values reserved by upstream physical switches. |
| ☐ | SV-216843r612237_rule | The vCenter Server for Windows must enable SSL for Network File Copy (NFC). |
| ☐ | SV-216844r612237_rule | The vCenter Server for Windows services must be ran using a service account instead of a built-in Windows account. |
| ☐ | SV-216845r612237_rule | The vCenter Server for Windows must configure the vpxuser auto-password to be changed every 30 days. |
| ☐ | SV-216846r612237_rule | The vCenter Server for Windows must configure the vpxuser password meets length policy. |
| ☐ | SV-216847r612237_rule | The vCenter Server for Windows must disable the managed object browser at all times, when not required for the purpose of troubleshooting or maintenance of managed objects. |
| ☐ | SV-216848r612237_rule | The vCenter Server for Windows must check the privilege re-assignment after restarts. |
| ☐ | SV-216849r612237_rule | The vCenter Server for Windows must minimize access to the vCenter server. |
| ☐ | SV-216850r612237_rule | The vCenter Server for Windows Administrators must clean up log files after failed installations. |
| ☐ | SV-216851r612237_rule | The vCenter Server for Windows must enable all tasks to be shown to Administrators in the Web Client. |
| ☐ | SV-216852r612237_rule | The vCenter Server for Windows Administrator role must be secured and assigned to specific users other than a Windows Administrator. |
| ☐ | SV-216853r612237_rule | The vCenter Server for Windows must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. |
| ☐ | SV-216854r612237_rule | The vCenter Server for Windows must use a least-privileges assignment for the Update Manager database user. |
| ☐ | SV-216855r612237_rule | The vCenter Server for Windows must use a least-privileges assignment for the vCenter Server database user. |
| ☐ | SV-216856r612237_rule | The vCenter Server for Windows must use unique service accounts when applications connect to vCenter. |
| ☐ | SV-216857r612237_rule | vCenter Server for Windows plugins must be verified. |
| ☐ | SV-216858r612237_rule | The vCenter Server for Windows must produce audit records containing information to establish what type of events occurred. |
| ☐ | SV-216859r612237_rule | The vCenter Server for Windows passwords must be at least 15 characters in length. |
| ☐ | SV-216860r612237_rule | The vCenter Server for Windows passwords must contain at least one uppercase character. |
| ☐ | SV-216861r612237_rule | The vCenter Server for Windows passwords must contain at least one lowercase character. |
| ☐ | SV-216862r612237_rule | The vCenter Server for Windows passwords must contain at least one numeric character. |
| ☐ | SV-216863r612237_rule | The vCenter Server for Windows passwords must contain at least one special character. |
| ☐ | SV-216864r612237_rule | The vCenter Server for Windows must limit the maximum number of failed login attempts to three. |
| ☐ | SV-216865r612237_rule | The vCenter Server for Windows must set the interval for counting failed login attempts to at least 15 minutes. |
| ☐ | SV-216866r612237_rule | The vCenter Server for Windows must require an administrator to unlock an account locked due to excessive login failures. |
| ☐ | SV-216867r612237_rule | The vCenter Server for Windows must alert administrators on permission creation operations. |
| ☐ | SV-216868r612237_rule | The vCenter Server for Windows must alert administrators on permission deletion operations. |
| ☐ | SV-216869r612237_rule | The vCenter Server for Windows must alert administrators on permission update operations. |
| ☐ | SV-216870r612237_rule | The vCenter Server for Windows users must have the correct roles assigned. |
| ☐ | SV-216871r612237_rule | The vCenter Server for Windows must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. |
| ☐ | SV-216872r612237_rule | The vCenter Server for Windows must enable the vSAN Health Check. |
| ☐ | SV-216873r612237_rule | The vCenter Server for Windows must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. |
| ☐ | SV-216874r612237_rule | The vCenter Server for Windows must configure the vSAN Datastore name to a unique name. |
| ☐ | SV-216875r612237_rule | The vCenter Server for Windows users must have the correct roles assigned. |
| ☐ | SV-216876r612237_rule | The vCenter Server for Windows must enable TLS 1.2 exclusively. |
| ☐ | SV-216877r612237_rule | The vCenter Server for Windows reverse proxy must use DoD approved certificates. |
| ☐ | SV-216878r612237_rule | The vCenter Server for Windows must enable certificate based authentication. |
| ☐ | SV-216879r612237_rule | The vCenter Server for Windows must enable revocation checking for certificate based authentication. |
| ☐ | SV-216880r612237_rule | The vCenter Server for Windows must disable Password and Windows integrated authentication. |
| ☐ | SV-216881r612237_rule | The vCenter Server for Windows must enable Login banner for vSphere web client. |
| ☐ | SV-216882r612237_rule | The vCenter Server for Windows must restrict access to cryptographic role. |
| ☐ | SV-216883r612237_rule | The vCenter Server for Windows must restrict access to cryptographic permissions. |
| ☐ | SV-216884r612237_rule | The vCenter Server for Windows must have Mutual CHAP configured for vSAN iSCSI targets. |
| ☐ | SV-216885r612237_rule | The vCenter Server for Windows must have new Key Encryption Keys (KEKs) re-issued at regular intervals for vSAN encrypted datastore(s). |
| ☐ | SV-216886r612237_rule | The vCenter Server for Windows must disable the Customer Experience Improvement Program (CEIP). |
| ☐ | SV-216887r612237_rule | The vCenter Server for Windows must use LDAPS when adding an SSO identity source. |
| ☐ | SV-216888r612237_rule | The vCenter Server for Windows must use a limited privilege account when adding an LDAP identity source. |
| ☐ | SV-216889r612237_rule | The vCenter Server for Windows must disable SNMPv1. |
STIGQter: STIG Summary: