1.2 Ensure the Image Profile VIB acceptance level is configured properly


A VIB (vSphere Installation Bundle) is a collection of files that are packaged into an archive. The VIB contains
a signature file that is used to verify the level of trust. The ESXi Image Profile supports four VIB acceptance levels:

1. VMware Certified - VIBs created, tested, and signed by VMware
2. VMware Accepted - VIBs created by a VMware partner but tested and signed by
3. Partner Supported - VIBs created, tested, and signed by a certified VMware partner
4. Community Supported - VIBs that have not been tested by VMware or a VMware


The ESXi Image Profile should only allow signed VIBs because an unsigned VIB represents untested code installed on an ESXi host.
Also, use of unsigned VIBs will cause hypervisor Secure Boot to fail to configure. Community Supported VIBs do not have digital signatures.
To protect the security and integrity of your ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on your hosts.


To implement the recommended configuration state, run the following PowerCLI
command-# Set the Software AcceptanceLevel for each host

Foreach ($VMHost in Get-VMHost ) {
$ESXCli = Get-EsxCli -VMHost $VMHost

See Also


Item Details


References: 800-53|CM-7(5), CSCv7|2.2

Plugin: Unix

Control ID: 09159b7419b204a69ff3c8d0dddf8923db8ff2c17f31b4a6e4ff9e43bf442373