VMware vSphere 7.0 ESXi Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000027-VMM-000080
Group -
Access to the ESXi host must be limited by enabling lockdown mode.
Enabling lockdown mode disables direct access to an ESXi host, requiring the host to be managed remotely from vCenter Server. This is done to ensure the roles and access controls implemented in vCe...Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group -
The ESXi host must verify the DCUI.Access list.
Lockdown mode disables direct host access, requiring that administrators manage hosts from vCenter Server. However, if a host becomes isolated from vCenter, the administrator is locked out and can ...Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group -
The ESXi host must verify the exception users list for lockdown mode.
While a host is in lockdown mode (strict or normal), only users on the "Exception Users" list are allowed access. These users do not lose their permissions when the host enters lockdown mode. The...Rule Medium Severity -
SRG-OS-000032-VMM-000130
Group -
SRG-OS-000021-VMM-000050
Group -
The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user.
By limiting the number of failed logon attempts, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. Once the configured number of attempts is ...Rule Medium Severity -
SRG-OS-000329-VMM-001180
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules