VMware vSphere 7.0 vCenter Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.
The vSphere "TrustedAdmins" group grants additional rights to administer the vSphere Trust Authority feature. To force accountability and nonrepudiation, the SSO group "TrustedAdmins" must be seve...Rule Medium Severity -
SRG-APP-000516
Group -
SRG-APP-000516
Group -
vCenter task and event retention must be set to at least 30 days.
vCenter tasks and events contain valuable historical actions, useful in troubleshooting availability issues and for incident forensics. While vCenter events are sent to central log servers in real ...Rule Medium Severity -
SRG-APP-000516
Group -
vCenter Native Key Providers must be backed up with a strong password.
The vCenter Native Key Provider feature was introduced in U2 and acts as a key provider for encryption-based capabilities, such as encrypted virtual machines without requiring an external KMS solut...Rule Medium Severity -
The vCenter Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination using remote access.
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. Satisfies...Rule High Severity -
The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user.
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the a...Rule Medium Severity -
The vCenter Server must display the Standard Mandatory DOD Notice and Consent Banner before login.
Display of the DOD-approved use notification before granting access to the application ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive ...Rule Medium Severity -
The vCenter Server must require multifactor authentication.
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentica...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.