VMware vSphere 7.0 ESXi Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The ESXi host OpenSLP service must be disabled.
OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce ...Rule Medium Severity -
The ESXi host must enable volatile key destruction.
By default, pages allocated for virtual machines (VMs), userspace applications, and kernel threads are zeroed out at allocation time. ESXi will always ensure that no nonzero pages are exposed to VM...Rule Medium Severity -
The ESXi host must not be configured to override virtual machine (VM) configurations.
Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM stor...Rule Medium Severity -
The ESXi host must not be configured to override virtual machine (VM) logger settings.
Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM stor...Rule Medium Severity -
The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers.
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. ESXi must implement cryptographic modules adhering to the higher standards approved by the...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules