8.2.1 Ensure unnecessary floppy devices are disconnected

Information

Ensure that no floppy device is connected to a virtual machine unless required. For a floppy
device to be disconnected, the floppyX.present parameter should either not be present or
have a value of FALSE.

*Rationale*

Removing unnecessary hardware devices can reduce the number of potential attack channels and help prevent attacks.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To implement the recommended configuration state, run the following PowerCLI
command-

# Remove all Floppy drives attached to VMs
Get-VM | Get-FloppyDrive | Remove-FloppyDrive.

See Also

https://workbench.cisecurity.org/files/2168

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: VMware

Control ID: 76a8f70c97f9089f5cf5df21f5f619a02493ba28739979a7706d0d917fee79eb