8.3.4 Ensure templates are used whenever possible to deploy VMs

Information

Use a hardened base operating system template image to create other, application-specific
templates and use the application-specific templates to deploy virtual machines.

*Rationale*

By capturing a hardened base operating system image (with no applications installed) in a
template, you can ensure that all your virtual machines are created with a known baseline
level of security. You can then use this template to create other, application-specific
templates, or you can use the application template to deploy virtual machines. Manual
installation of the OS and applications into a VM introduces the risk of misconfiguration
due to human or process error.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To change current practices so templates are used whenever possible to deploy VMs, perform whichever of the following steps is appropriate:

- Create templates and configure them properly
- Alter standard procedures and processes to use the templates

Also, ensure that the applications do not depend on information specific to the VM to be deployed.

See Also

https://workbench.cisecurity.org/files/2168

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, 800-53|CM-6, CSCv7|5.1, CSCv7|5.2

Plugin: VMware

Control ID: 2465e28a400ff0756986b36ba055a12c3df6cd9d44ebca7f57aa04b2a32d33cc