The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.

An XCCDF Rule

Details
Profiles

Description

The vSphere "TrustedAdmins" group grants additional rights to administer the vSphere Trust Authority feature. To force accountability and nonrepudiation, the SSO group "TrustedAdmins" must be severely restricted.

ID: SV-256371r885724_rule
Version: VCSA-70-000291
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

From the vSphere Client, go to Administration >> Single Sign On >> Users and Groups >> Groups.

Click the next page arrow until the "TrustedAdmins" group appears.

Click "TrustedAdmins".
Click the three vertical dots next to the name of each unauthorized account.

Select "Remove Member".

The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group.

Description

Remediation Templates

A Manual Procedure