Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
VMware vSphere 8.0 Virtual Machine Security Technical Implementation Guide
SRG-OS-000480-VMM-002000
Virtual machines (VMs) must enable encryption for Fault Tolerance.
Virtual machines (VMs) must enable encryption for Fault Tolerance.
An XCCDF Rule
Details
Profiles
Prose
Virtual machines (VMs) must enable encryption for Fault Tolerance.
Medium Severity
<VulnDiscussion>Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine's memory or CPU instructions. vSphere Fault Tolerance performs frequent checks between a primary VM and secondary VM so the secondary VM can quickly resume from the last successful checkpoint. The checkpoint contains the VM state that has been modified since the previous checkpoint. When Fault Tolerance is turned on, FT encryption is set to "Opportunistic" by default, which means it enables encryption only if both the primary and secondary host are capable of encryption.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>