DISA STIG VMware vSphere Virtual Machine 6.5 v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG VMware vSphere Virtual Machine 6.5 v2r1

Updated: 12/6/2023

Authority: DISA STIG

Plugin: VMware

Revision: 1.3

Estimated Item Count: 39

File Details

Filename: DISA_STIG_VMware_vSphere_Virtual_Machine_6.5_v2r1.audit

Size: 183 kB

MD5: 2267f5956eb2d6133cf4a6ab0b56c9e4
SHA256: d241682b79ff233e42ba900ec13db8cf2bf20fce5785721deab179dc3f8720a4

Audit Items

DescriptionCategories
VMCH-65-000001 - Copy operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000002 - Drag and drop operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000003 - GUI functionality for copy/paste operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000004 - Paste operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000005 - Virtual disk shrinking must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000006 - Virtual disk erasure must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000007 - Independent, non-persistent disks must be not be used on the virtual machine.

AUDIT AND ACCOUNTABILITY

VMCH-65-000008 - HGFS file transfers must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000009 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be set on the virtual machine.

ACCESS CONTROL

VMCH-65-000012 - The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000013 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000014 - The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000015 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000018 - The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000019 - The unexposed feature keyword isolation.tools.unity.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000020 - The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000021 - The unexposed feature keyword isolation.tools.unity.push.update.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000022 - The unexposed feature keyword isolation.tools.unity.taskbar.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000023 - The unexposed feature keyword isolation.tools.unityActive.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000024 - The unexposed feature keyword isolation.tools.unity.windowContents.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000025 - The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000026 - The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000028 - Unauthorized floppy devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000029 - Unauthorized CD/DVD devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000030 - Unauthorized parallel devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000031 - Unauthorized serial devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000032 - Unauthorized USB devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000033 - Console connection sharing must be limited on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000034 - Console access through the VNC protocol must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000036 - Informational messages from the virtual machine to the VMX file must be limited on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000037 - Unauthorized removal, connection and modification of devices must be prevented on the virtual machine.

ACCESS CONTROL

VMCH-65-000039 - The virtual machine must not be able to obtain host information from the hypervisor.

CONFIGURATION MANAGEMENT

VMCH-65-000040 - Shared salt values must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000041 - Access to virtual machines through the dvfilter network APIs must be controlled.

CONFIGURATION MANAGEMENT

VMCH-65-000042 - System administrators must use templates to deploy virtual machines whenever possible.
VMCH-65-000043 - Use of the virtual machine console must be minimized.
VMCH-65-000047 - The virtual machine guest operating system must be locked when the last console connection is closed.

CONFIGURATION MANAGEMENT

VMCH-65-000048 - 3D features on the virtual machine must be disabled when not required.

CONFIGURATION MANAGEMENT

VMCH-65-000049 - Encryption must be enabled for vMotion on the virtual machine.

SYSTEM AND COMMUNICATIONS PROTECTION