Check: VCTR-67-000010
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000010
(in versions v1 r2 through v1 r1)
Title
The vCenter Server must limit the use of the built-in SSO administrative account. (Cat II impact)
Discussion
Use of the SSO administrator account should be limited as it is a shared account and individual accounts must be used wherever possible.
Check Content
Verify the built-in SSO administrator account is only used for emergencies and situations where it is the only option due to permissions. If the built-in SSO administrator account is used for daily operations or there is no policy restricting its use, this is a finding.
Fix Text
Develop a policy to limit the use of the built-in SSO administrator account.
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000770 |
The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| IA-2 (5) |
Group Authentication |