8.3.1 Ensure unnecessary or superfluous functions inside VMs are disabled


Disable all system components that are not needed to support the application or service running on the VM. VMs often don't require as many functions as ordinary physical servers, so when virtualizing, you should evaluate whether a particular function is truly needed.


By disabling unnecessary system components, you reduce the number of potential attack vectors, which reduces the likelihood of compromise.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


To disable unneeded functions, perform whichever of the following steps are applicable:

Disable unused services in the operating system.

Disconnect unused physical devices, such as CD/DVD drives, floppy drives, and USB adaptors.

Turn off any screen savers.

If using a Linux, BSD, or Solaris guest operating system, do not run the X Windows system unless it is necessary.

See Also