Check: VCTR-67-000009
VMware vSphere 6.7 vCenter STIG: VCTR-67-000009
(in versions v1 r4 through v1 r3)
Title
The vCenter Server must implement Active Directory authentication. (Cat II impact)
Discussion
The vCenter Server must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active Directory for authentication provides more robust account management capabilities.
Check Content
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration. Click the "Identity Sources" tab. If there is no identity source of type "Active Directory", this is a finding.
Fix Text
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration. Click "Add identity source". Select either "Active Directory over LDAP" or "Active Directory" and configure appropriately. Note: Windows Integrated Authentication requires that the vCenter server be joined to AD before configuration via Administration >> Single Sign-On >> Configuration >> Active Directory Domain.
Additional Identifiers
Rule ID: SV-243079r879594_rule
Vulnerability ID: V-243079
Group Title: SRG-APP-000153
CCIs
Number | Definition |
---|---|
CCI-000770 | The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Number | Title |
---|---|
IA-2 (5) | Group Authentication |