VMware vSphere 7.0 vCenter Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server.
  Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when condu...
  Rule | Medium Severity
- The vCenter Server must require an administrator to unlock an account locked due to excessive login failures.
  By requiring that Single Sign-On (SSO) accounts be unlocked manually, the risk of unauthorized access via user password guessing, otherwise known as brute forcing, is reduced. When the account unlo...
  Rule | Medium Severity
- The vCenter Server must only send NetFlow traffic to authorized collectors.
  The distributed virtual switch can export NetFlow information about traffic crossing the switch. NetFlow exports are not encrypted and can contain information about the virtual network, making it e...
  Rule | Medium Severity
- The vCenter Server must configure the "vpxuser" password to meet length policy.
  The "vpxuser" password default length is 32 characters. Ensure this setting meets site policies; if not, configure to meet password length policies. Longer passwords make brute-force password atta...
  Rule | Medium Severity
- The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic.
  Virtual machines might share virtual switches and virtual local area networks (VLAN) with the IP-based storage configurations. IP-based storage includes vSAN, Internet Small Computer System Inter...
  Rule | Medium Severity