DISA STIG VMware vSphere Virtual Machine 6.5 v2r1

Audit Details

Name: DISA STIG VMware vSphere Virtual Machine 6.5 v2r1

Updated: 4/25/2022

Authority: DISA STIG

Plugin: VMware

Revision: 1.1

Estimated Item Count: 39

File Details

Filename: DISA_STIG_VMware_vSphere_Virtual_Machine_6.5_v2r1.audit

Size: 184 kB

MD5: c4d3b6486bd050d6930ffc2628811e6a
SHA256: 4b4fa303400c86642b22af7a26bdfcc6cf6e62e99bf3f571ab80cf2112c3ed61

Audit Items

DescriptionCategories
VMCH-65-000001 - Copy operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000002 - Drag and drop operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000003 - GUI functionality for copy/paste operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000004 - Paste operations must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000005 - Virtual disk shrinking must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000006 - Virtual disk erasure must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000007 - Independent, non-persistent disks must be not be used on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000008 - HGFS file transfers must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000009 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000012 - The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000013 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000014 - The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000015 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000018 - The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000019 - The unexposed feature keyword isolation.tools.unity.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000020 - The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000021 - The unexposed feature keyword isolation.tools.unity.push.update.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000022 - The unexposed feature keyword isolation.tools.unity.taskbar.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000023 - The unexposed feature keyword isolation.tools.unityActive.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000024 - The unexposed feature keyword isolation.tools.unity.windowContents.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000025 - The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000026 - The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be set on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000028 - Unauthorized floppy devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000029 - Unauthorized CD/DVD devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000030 - Unauthorized parallel devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000031 - Unauthorized serial devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000032 - Unauthorized USB devices must be disconnected on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000033 - Console connection sharing must be limited on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000034 - Console access through the VNC protocol must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000036 - Informational messages from the virtual machine to the VMX file must be limited on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000037 - Unauthorized removal, connection and modification of devices must be prevented on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000039 - The virtual machine must not be able to obtain host information from the hypervisor.

CONFIGURATION MANAGEMENT

VMCH-65-000040 - Shared salt values must be disabled on the virtual machine.

CONFIGURATION MANAGEMENT

VMCH-65-000041 - Access to virtual machines through the dvfilter network APIs must be controlled.

CONFIGURATION MANAGEMENT

VMCH-65-000042 - System administrators must use templates to deploy virtual machines whenever possible.

CONFIGURATION MANAGEMENT

VMCH-65-000043 - Use of the virtual machine console must be minimized.

CONFIGURATION MANAGEMENT

VMCH-65-000047 - The virtual machine guest operating system must be locked when the last console connection is closed.

CONFIGURATION MANAGEMENT

VMCH-65-000048 - 3D features on the virtual machine must be disabled when not required.

CONFIGURATION MANAGEMENT

VMCH-65-000049 - Encryption must be enabled for vMotion on the virtual machine.

CONFIGURATION MANAGEMENT