ESXI-65-000071 - The ESXi host must verify the integrity of the installation media before installing ESXi.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Always check the SHA1 or MD5 hash after downloading an ISO, offline bundle, or patch to ensure integrity and authenticity of the downloaded files.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If the hash returned from the md5sum or sha1sum commands do not match the vendor's hash, the downloaded software must be discarded.

If the physical media is obtained from VMware and the security seal is broken, the software must be returned to VMware for replacement.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000366, Rule-ID|SV-207669r388482_rule, STIG-ID|ESXI-65-000071, STIG-Legacy|SV-104307, STIG-Legacy|V-94477, Vuln-ID|V-207669

Plugin: VMware

Control ID: 37ae4d6e0ae2388c5d89170f53fe391d28277f9d5af7a8c77035f4353000b4bb