VMware vSphere 8.0 Virtual Machine Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Virtual machines (VMs) must prevent unauthorized removal, connection, and modification of devices.
In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-ROM drives, and can modify device settings. Use...Rule Medium Severity -
Virtual machines (VMs) must disable 3D features when not required.
For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most server workloads or desktops not using 3D applicatio...Rule Low Severity -
Virtual machines (VMs) must enable encryption for vMotion.
vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphere 6.5, this transfer can be transparently encr...Rule Medium Severity -
Virtual machines (VMs) must enable logging.
The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, system failure information, tools status and activi...Rule Medium Severity -
Virtual machines (VMs) must remove unneeded USB devices.
Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/D...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules