VMware vSphere 8.0 Virtual Machine Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Virtual machines (VMs) must disable DirectPath I/O devices when not required.
VMDirectPath I/O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with minimal intervention from the ESXi host. This is a ...Rule Medium Severity -
Virtual machines (VMs) must have drag and drop operations disabled.
Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/p...Rule Low Severity -
Virtual machines (VMs) must have virtual disk shrinking disabled.
Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk occupies on the host drive. Normal users and pro...Rule Medium Severity -
Virtual machines (VMs) must limit console sharing.
By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a notification about the new session. If an admi...Rule Medium Severity -
Virtual machines (VMs) must limit informational messages from the virtual machine to the VMX file.
The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are capable of sending a large and continuous data s...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules