Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-VMM-002000

    <GroupDescription></GroupDescription>
    Group
  • The ESXi host must require TPM-based configuration encryption.

    &lt;VulnDiscussion&gt;An ESXi host's configuration consists of configuration files for each service that runs on the host. The configuration files ...
    Rule Medium Severity
  • SRG-OS-000480-VMM-002000

    <GroupDescription></GroupDescription>
    Group
  • The ESXi host must implement Secure Boot enforcement.

    &lt;VulnDiscussion&gt;Secure Boot is part of the UEFI firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or a...
    Rule Medium Severity
  • SRG-OS-000480-VMM-002000

    <GroupDescription></GroupDescription>
    Group
  • The ESXi Common Information Model (CIM) service must be disabled.

    &lt;VulnDiscussion&gt;The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard ap...
    Rule Medium Severity
  • SRG-OS-000478-VMM-001980

    <GroupDescription></GroupDescription>
    Group
  • The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers.

    &lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. ESXi must implemen...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules