Detections
Analytics
ESXI-70-000070 - The ESXi host must not provide root/administrator-level access to Common Information Model (CIM)-based hardware monitoring tools or other third-party applications.
Information
The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs).In environments that implement CIM hardware monitoring, create a limited-privilege, read-only service account for CIM and place this user in the Exception Users list. When CIM write access is required, create a new role with only the 'Host.CIM.Interaction' permission and apply that role to the CIM service account.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
If write access is required, create a new role for the CIM service account:From the Host Client, go to Manage >> Security & Users.
Select 'Roles' and click 'Add role'.
Provide a name for the new role and select Host >> Cim >> Ciminteraction and click 'Add'.
Add a CIM service account:
From the Host Client, go to Manage >> Security & Users.
Select 'Users' and click 'Add user'.
Provide a name, description, and password for the new user and click 'Add'.
Assign the CIM service account permissions to the host with the new role:
From the Host Client, select the ESXi host, right-click, and go to 'Permissions'.
Click 'Add User', select the CIM service account from the drop-down list, and select either 'Read-only' or the role just created. Click 'Add User'.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y25M04_STIG.zip
Item Details
Audit Name: DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-256427r959010_rule, STIG-ID|ESXI-70-000070, Vuln-ID|V-256427
Plugin: VMware
Control ID: 6917103dd2699732940a6f2d5e5d3a9309b863166318fac08231f076872a032d