VMware vSphere 7.0 VAMI Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
SRG-APP-000141-WSR-000083
Group -
VAMI must have resource mappings set to disable the serving of certain file types.
Resource mapping is the process of tying a particular file type to a process in the web server that can serve that type of file to a requesting client and to identify which file types are not to be...
Rule, Medium Severity
SRG-APP-000141-WSR-000085
Group -
VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.
A web server can be installed with functionality that, by its nature, is not secure. WebDAV is an extension to the HTTP protocol that, when developed, was meant to allow users to create, change, an...
Rule, Medium Severity
SRG-APP-000141-WSR-000086
Group -
SRG-APP-000176-WSR-000096
Group -
VAMI must protect the keystore from unauthorized access.
The web server's private key is used to prove the identity of the server to clients and securely exchange the shared secret key used to encrypt communications between the web server and clients. By...
Rule, Medium Severity
SRG-APP-000246-WSR-000149
Group -
SRG-APP-000251-WSR-000157
Group -
VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8.
Invalid user input occurs when a user inserts data or characters into a hosted application's data entry field and the hosted application is unprepared to process that data. This results in unantici...
Rule, Medium Severity
SRG-APP-000266-WSR-000142
Group -
VAMI must disable directory browsing.
The goal is to completely control the web user's experience in navigating any portion of the web document root directories. Ensuring all web content directories have at least the equivalent of an "...
Rule, Medium Severity
SRG-APP-000266-WSR-000159
Group -
SRG-APP-000266-WSR-000160
Group -
VAMI must have debug logging disabled.
Information needed by an attacker to begin looking for possible vulnerabilities in a web server includes any information about the web server and plug-ins or modules being used. When debugging or t...
Rule, Medium Severity
SRG-APP-000435-WSR-000147
Group -
SRG-APP-000439-WSR-000156
Group -
VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.
TLS is a required transmission protocol for a web server hosting controlled information. The use of TLS provides confidentiality of data in transit between the web server and client. FIPS 140-2 app...
Rule, Medium Severity
SRG-APP-000516-WSR-000174
Group -
VAMI must force clients to select the most secure cipher.
During a Transport Layer Security (TLS) session negotiation, when choosing a cipher during a handshake, normally the client's preference is used. This is potentially problematic as a malicious, da...
Rule, Medium Severity