Check: VCTR-67-000073
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000073
(in versions v1 r4 through v1 r1)
Title
The vCenter Server must minimize access to the vCenter server. (Cat II impact)
Discussion
After someone has logged in to the vCenter Server system, it becomes much harder to limit what they can do. In general, logging in to the vCenter Server system should be restricted to a small set of highly privileged administrators, and then only for the purpose of administering vCenter Server or the host OS. Anyone logged in to the vCenter Server can potentially cause harm, either intentionally or unintentionally, by altering settings and modifying processes. They also have potential access to vCenter credentials, such as the SSL certificate and its private key.
Check Content
Note: For vCenter Server Appliance, this is not applicable. Log in to the vCenter server and verify that the local Administrators group contains only users and/or groups that are vCenter Administrators. If the local Administrators group contains users and/or groups that are not vCenter Administrators, such as "Domain Admins", this is a finding.
Fix Text
Remove all unnecessary users and/or groups from the local Administrators group of the vCenter server.
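The check above is a membership comparison on the Windows host: enumerate the local Administrators group and treat every principal that is not a vCenter Administrator as a finding. The following PowerShell script is an added example, not part of the STIG text or a VMware-provided tool. It assumes the built-in Microsoft.PowerShell.LocalAccounts module (Windows Server 2016 and later), and the allow-list entries (`CORP\vCenter Admins`, `CORP\vcenter-svc`) are placeholders for the principals that are actually vCenter Administrators in a given environment.

```powershell
# Added example (not part of the STIG): audit the local Administrators group on a
# Windows-based vCenter Server against an allow-list of approved principals.
# Not applicable to the vCenter Server Appliance (see the Check Content note).
# Uses Get-LocalGroupMember from the built-in LocalAccounts module.

# Placeholder allow-list: replace with your environment's vCenter Administrators.
# Domain principals are reported by Get-LocalGroupMember as DOMAIN\Name.
$ApprovedMembers = @(
    'CORP\vCenter Admins',   # assumed group name (placeholder)
    'CORP\vcenter-svc'       # assumed service account (placeholder)
)

# The built-in local Administrator account is always a member; it is listed
# separately so the decision to tolerate it is explicit rather than hidden.
$BuiltInAdmin = "$env:COMPUTERNAME\Administrator"

function Test-VcenterLocalAdmins {
    param(
        [string[]]$Approved = $ApprovedMembers,
        [string]$Group = 'Administrators'
    )
    $findings = @()
    foreach ($m in Get-LocalGroupMember -Group $Group) {
        if ($Approved -contains $m.Name -or $m.Name -eq $BuiltInAdmin) { continue }
        # Anything else (e.g. DOMAIN\Domain Admins) is a finding under VCTR-67-000073.
        $findings += [pscustomobject]@{
            Member          = $m.Name
            ObjectClass     = $m.ObjectClass      # User or Group
            PrincipalSource = $m.PrincipalSource  # Local or ActiveDirectory
        }
    }
    return $findings
}

$result = @(Test-VcenterLocalAdmins)
if ($result.Count -eq 0) {
    Write-Output "VCTR-67-000073: local Administrators contains only approved members (not a finding)."
} else {
    Write-Output "VCTR-67-000073: FINDING - unapproved members of the local Administrators group:"
    $result | Format-Table -AutoSize
}
```

Run it in an elevated session on the vCenter Server host. Each row it prints corresponds to a principal the Fix Text says to remove; the matching remediation is `Remove-LocalGroupMember -Group Administrators -Member '<name>'`, which is deliberately not automated here so that a reviewer confirms each entry against the allow-list before changing group membership.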
Additional Identifiers
Rule ID: SV-243128r879887_rule
Vulnerability ID: V-243128
Group Title: SRG-APP-000516
CCIs
Number | Definition
---|---
CCI-000366 | The organization implements the security configuration settings.
Controls
Number | Title
---|---
CM-6 | Configuration Settings