The vCenter Server must use unique service accounts when applications connect to vCenter.

An XCCDF Rule

Description

<VulnDiscussion>To not violate nonrepudiation (i.e., deny the authenticity of who is connecting to vCenter), when applications need to connect to vCenter they must use unique service accounts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258945r961863_rule
Severity: Medium
References: CCI-000366
Updated: 20 days ago

For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.

When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.

The vCenter Server must use unique service accounts when applications connect to vCenter.

Description

Remediation - Manual Procedure