Check: VCTR-67-000009
VMware vSphere 6.7 vCenter STIG: VCTR-67-000009 (in versions v1 r2 through v1 r1)
Title
The vCenter Server must implement Active Directory authentication. (Cat II impact)
Discussion
The vCenter Server must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active Directory for authentication provides more robust account management capabilities.
Check Content
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration. Click the "Identity Sources" tab. If there is no identity source of type "Active Directory" (either Windows Integrated Authentication or LDAP), this is a finding.
Fix Text
From the vSphere Web Client, go to Administration >> Single Sign-On >> Configuration. Click "Add identity source". Select either "Active Directory over LDAP" or "Active Directory (Windows Integrated Authentication)" and configure appropriately. Note: Windows Integrated Authentication requires that the vCenter server be joined to AD before configuration via Administration >> Single Sign-On >> Configuration >> Active Directory Domain.
Additional Identifiers
Rule ID: SV-243079r719480_rule
Vulnerability ID: V-243079
Group Title: SRG-APP-000153
CCIs
Number | Definition |
---|---|
CCI-000770 | The organization requires individuals to be authenticated with an individual authenticator when a group authenticator is employed. |
Controls
Number | Title |
---|---|
IA-2 (5) | Group Authentication |