VMware vSphere 8.0 vCenter STIG Version Comparison

There are 2 differences between versions v2 r1 (Aug. 1, 2024) (the "left" version) and v2 r3 (July 2, 2025) (the "right" version).

Check VCSA-80-000295 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

The vCenter server must require authentication for published content libraries.

Check Content

From Note: If Content Libraries are not used, this is not applicable. From the vSphere Client, go to Content Libraries. Review the "Password Protected" column. If a content library is published and is not password protected, this is a finding.

Discussion

In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. When publishing a content library it can be protected by requiring authentication for subscribers.

Fix

From the vSphere Client, go to Content Libraries. Select the target content library. Select "Actions" then "Edit Settings". Click the checkbox to "Enable user authentication for access to this content library". Enter and confirm a password for the content library. Click "OK". Note: Any subscribed content libraries will need to be updated to enable authentication and provide the password.