Detections
Analytics

VM: vm-8.ft-encrypted

Information

Virtual machines must require encryption for Fault Tolerance. Requiring encryption for Fault Tolerance in VMs ensures secure data transmission. While the default 'opportunistic' encryption likely results in encryption due to ubiquitous AES-NI support in vSphere-compatible hardware, enforcing 'required' encryption guarantees no unencrypted operations.

Solution

$VMview = Get-VM -Name $VM | Get-View
$ConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$ConfigSpec.FtEncryptionMode = New-object VMware.Vim.VirtualMachineConfigSpecEncryptedFtModes
$ConfigSpec.FtEncryptionMode = "ftEncryptionRequired"
$VMview.ReconfigVM_Task($ConfigSpec)

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CCI|CCI-000366

Plugin: VMware

Control ID: dc4cd7126f223fdd5eb72268f1564bd130219d6f272211fe9c74891c1bc6efaf