The vCenter Server must restrict access to cryptographic permissions.

An XCCDF Rule

Details
Profiles

Description

These permissions must be reserved for cryptographic administrators where virtual machine encryption and/or vSAN encryption is in use. Catastrophic data loss can result from poorly administered cryptography.

ID: SV-258952r934514_rule
Version: VCSA-80-000285
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

From the vSphere Client, go to Administration >> Access Control >> Roles.

Highlight the target custom role and click "Edit".

Remove the following permissions from any custom role that is not authorized to perform cryptographic related operations:
Cryptographic Operations privileges
Global.Diagnostics
Host.Inventory.Add host to cluster
Host.Inventory.Add standalone host
Host.Local operations.Manage user groups

The vCenter Server must restrict access to cryptographic permissions.

Description

Remediation Templates

A Manual Procedure