VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Copy operations must be disabled on the virtual machine (VM).
<VulnDiscussion>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to v...Rule Low Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Drag and drop operations must be disabled on the virtual machine (VM).
<VulnDiscussion>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to v...Rule Low Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Paste operations must be disabled on the virtual machine (VM).
<VulnDiscussion>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to v...Rule Low Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Virtual disk shrinking must be disabled on the virtual machine (VM).
<VulnDiscussion>Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of...Rule Medium Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Virtual disk wiping must be disabled on the virtual machine (VM).
<VulnDiscussion>Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process ...Rule Medium Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Independent, nonpersistent disks must not be used on the virtual machine (VM).
<VulnDiscussion>The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or...Rule Medium Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Host Guest File System (HGFS) file transfers must be disabled on the virtual machine (VM).
<VulnDiscussion>Setting "isolation.tools.hgfsServerSet.disable" to "true" disables registration of the guest's HGFS server with the host. App...Rule Medium Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Unauthorized floppy devices must be disconnected on the virtual machine (VM).
<VulnDiscussion>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are...Rule Medium Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Unauthorized CD/DVD devices must be disconnected on the virtual machine (VM).
<VulnDiscussion>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are...Rule Low Severity -
SRG-OS-000480-VMM-002000
<GroupDescription></GroupDescription>Group -
Unauthorized parallel devices must be disconnected on the virtual machine (VM).
<VulnDiscussion>Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.