The vCenter Server must use unique service accounts when applications connect to vCenter.
An XCCDF Rule
Description
To preserve nonrepudiation (i.e., so that the authenticity of who is connecting to vCenter cannot be denied), applications that need to connect to vCenter must use unique service accounts.
- Documentable
- false
- ID
- SV-256358r885685_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.
When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.