VMware NSX 4.x Manager NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The NSX Manager must disable SNMP v2.
SNMPv3 supports commercial-grade security, including authentication, authorization, access control, and privacy. Previous versions of the protocol contained well-known security weaknesses that were...Rule Medium Severity -
SRG-APP-000516-NDM-000317
Group -
SRG-APP-000435-NDM-000315
Group -
The NSX Manager must be configured as a cluster.
Failure in a known state can address safety or security in accordance with the mission needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, integrity,...Rule Medium Severity -
SRG-APP-000435-NDM-000315
Group -
The NSX Manager must configure logging levels for services to ensure audit records are generated.
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or...Rule Medium Severity -
The NSX Manager must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.
The banner must be acknowledged by the administrator prior to the device allowing the administrator access to the network device. This provides assurance that the administrator has seen the message...Rule Medium Severity -
The NSX Manager must be configured to integrate with an identity provider that supports multifactor authentication (MFA).
Common attacks against single-factor authentication are attacks on user passwords. These attacks include brute force password guessing, password spraying, and password credential stuffing. This req...Rule High Severity -
The NSX Manager must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server i...Rule Medium Severity -
The NSX Manager must enforce password complexity by requiring that at least one lowercase character be used for local accounts.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.