The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.

An XCCDF Rule

Description

<VulnDiscussion>The vSphere "TrustedAdmins" group grants additional rights to administer the vSphere Trust Authority feature. To force accountability and nonrepudiation, the SSO group "TrustedAdmins" must be severely restricted.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258957r934529_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

From the vSphere Client, go to Administration >> Single Sign On >> Users and Groups >> Groups.

Click the next page arrow until the "TrustedAdmins" group appears.

Click "TrustedAdmins".
Click the three vertical dots next to the name of each unauthorized account.

Select "Remove Member".

The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.

Description

Remediation - Manual Procedure