DISA STIG VMware vSphere 7.0 VAMI v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 VAMI v1r2

Updated: 8/22/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 34

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_VAMI-lighttpd_v1r2.audit

Size: 78.8 kB

MD5: 07218a65e662c02efd87529135024610
SHA256: 4e76d4f83b55dbd46e0151d25f165d979b059151e6cae148fe7d380f09367849

Audit Items

Description

Categories

DISA_STIG_VMware_vSphere_7.0_VAMI_v1r2.audit from DISA VMware vSphere 7.0 VAMI v1r2 STIG
VCLD-70-000001 - VAMI must limit the number of simultaneous requests.

ACCESS CONTROL

VCLD-70-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000003 - VAMI must use cryptography to protect the integrity of remote sessions.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000004 - VAMI must be configured to monitor remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCLD-70-000005 - VAMI must generate log records for system startup and shutdown.

AUDIT AND ACCOUNTABILITY

VCLD-70-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

VCLD-70-000007 - VAMI log files must only be accessible by privileged users.

AUDIT AND ACCOUNTABILITY

VCLD-70-000008 - The rsyslog must be configured to monitor VAMI logs.

AUDIT AND ACCOUNTABILITY

VCLD-70-000009 - VAMI server binaries and libraries must be verified for their integrity.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000010 - VAMI must only load allowed server modules

CONFIGURATION MANAGEMENT

VCLD-70-000011 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled

CONFIGURATION MANAGEMENT

VCLD-70-000012 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on 'Content-Type'.

CONFIGURATION MANAGEMENT

VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - cgi

CONFIGURATION MANAGEMENT

VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - py

CONFIGURATION MANAGEMENT

VCLD-70-000014 - VAMI must have resource mappings set to disable the serving of certain file types.

CONFIGURATION MANAGEMENT

VCLD-70-000015 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.

CONFIGURATION MANAGEMENT

VCLD-70-000016 - VAMI must prevent hosted applications from exhausting system resources

CONFIGURATION MANAGEMENT

VCLD-70-000017 - VAMI must protect the keystore from unauthorized access - MIME that invoke OS shell programs disabled.

IDENTIFICATION AND AUTHENTICATION

VCLD-70-000018 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks - Content-Type.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - cgi

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - erb

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - pl

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - py

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - rb

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000020 - VAMI must disable directory browsing.

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000021 - VAMI must not be configured to use 'mod_status' - WebDAV servlet installed.

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000022 - VAMI must have debug logging disabled.

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000023 - VAMI must be protected from being stopped by a nonprivileged user.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000024 - VAMI must implement Transport Layer Security (TLS) 1.2 exclusively.

SYSTEM AND COMMUNICATIONS PROTECTION

VCLD-70-000025 - VAMI must force clients to select the most secure cipher.

CONFIGURATION MANAGEMENT

VCLD-70-000026 - VAMI must disable client-initiated Transport Layer Security (TLS) renegotiation.

CONFIGURATION MANAGEMENT

VCLD-70-000027 - VAMI must be configured to hide the server type and version in client responses - DoS attacks.

SYSTEM AND INFORMATION INTEGRITY

VCLD-70-000056 - VAMI must enable FIPS mode.

IDENTIFICATION AND AUTHENTICATION