SRG-OS-99999-ESXI5-000143 - The system must enable SSL for NFC.

Information

NFC (Network File Copy) is used to migrate or clone a VM between two ESXi hosts over the network. By default, SSL is used only to authenticate the transfer; it must also be enabled for the data transfer itself. Without this setting, VM contents could be sniffed if the management network is not adequately isolated and secured.

Solution

From the vSphere client, select 'Administration >> vCenter Server Settings >> Advanced Settings'. Set 'config.nfc.useSSL = true'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Group-ID|V-39299, Rule-ID|SV-250660r798979_rule, STIG-ID|SRG-OS-99999-ESXI5-000143, STIG-Legacy|SV-51115, STIG-Legacy|V-39299, Vuln-ID|V-250660

Plugin: VMware

Control ID: ee359763b308b05d827cb24cb388e591c0358dee5306305431746d944f31c045