VMware vSphere 6.7 vCenter STIG Version Comparison
VMware vSphere 6.7 vCenter Security Technical Implementation Guide
Comparison
There are 11 differences between versions v1 r1 (March 9, 2021) (the "left" version) and v1 r2 (Feb. 8, 2022) (the "right" version).
Check VCTR-67-000053 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
The vCenter Server must enable the vSAN Health Check.
Check Content
If no clusters are enabled for vSAN, this is not applicable. From the vSphere Client, go to Hosts and Clusters. Select a vSAN Enabled Cluster >> Configure >> vSAN >> Services >> Health Service. Review the "Health Service Status" and verify that it is set to "Enabled". If vSAN is enabled and the vSAN Health Service is disabled, this is a finding.
Discussion
The vSAN Health Check is used for additional alerting capabilities, performance stress testing prior to production usage, and verifying that the underlying hardware officially is supported by being in compliance with the vSAN Hardware Compatibility Guide.
Fix
From the vSphere Client, go to Hosts and Clusters >> select a vSAN Enabled Cluster >> Configure >> vSAN >> Services. Click "Edit" next to "Health Service". Click the slider to "Turn On Periodical Health Check" and configure the time interval as necessary (default is 60 minutes).