VMware vSphere 7.0 ESXi Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000355-VMM-001330
Group -
SRG-OS-000366-VMM-001430
Group -
The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance levels must be verified.
Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an ESXi host. The ESXi Image profile supports four acceptance levels: 1. VMwareCerti...Rule High Severity -
SRG-OS-000423-VMM-001700
Group -
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic.
While encrypted vMotion is available, vMotion traffic should still be sequestered from other traffic to further protect it from attack. This network must only be accessible to other ESXi hosts, pre...Rule Medium Severity -
SRG-OS-000423-VMM-001700
Group -
The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic.
The vSphere management network provides access to the vSphere management interface on each component. Services running on the management interface provide an opportunity for an attacker to gain pri...Rule Medium Severity -
SRG-OS-000423-VMM-001700
Group -
The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic.
Virtual machines (VMs) might share virtual switches and VLANs with the IP-based storage configurations. IP-based storage includes vSAN, iSCSI, and NFS. This configuration might expose IP-based stor...Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.