Skip to content

VMware vSphere 8.0 vCenter Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The vCenter Server must not override port group settings at the port level on distributed switches.

    &lt;VulnDiscussion&gt;Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be s...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The vCenter Server must reset port configuration when virtual machines are disconnected.

    &lt;VulnDiscussion&gt;Port-level configuration overrides are disabled by default. Once enabled, this allows for different security settings to be s...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The vCenter Server must disable Secure Shell (SSH) access.

    &lt;VulnDiscussion&gt;vCenter Server is delivered as an appliance, and intended to be managed through the VAMI, vSphere Client, and APIs. SSH is a ...
    Rule Medium Severity
  • SRG-APP-000516

    <GroupDescription></GroupDescription>
    Group
  • The vCenter Server must enable data in transit encryption for vSAN.

    &lt;VulnDiscussion&gt;Transit encryption must be enabled to prevent unauthorized disclosure information and to protect the confidentiality of organ...
    Rule Medium Severity
  • SRG-APP-000014

    <GroupDescription></GroupDescription>
    Group
  • The vCenter Server must use DOD-approved encryption to protect the confidentiality of network sessions.

    &lt;VulnDiscussion&gt;Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and u...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules