Title

There is no up-to-date documentation of the virtualization infrastructure. (Cat II impact)

Discussion

With the creation of virtual machines, the actual virtual network topology becomes increasingly complex. The topology changes when a virtual machine is created, added to a virtual switch or port group, moved to another virtualization server, etc. With the dynamic nature of the virtualization environment, administrators of the virtualization environment will maintain up to date documentation for all virtual machines, virtual switches, IP addresses, MAC addresses, etc.

Check Content

Request a copy of all the virtualization infrastructure documentation. Documentation must include all ESX Servers, virtual machines, IP addresses, MAC addresses, virtual switches, operating systems, and any virtual applications. If the documentation does include all of these components, this is a finding.

Fix Text

Develop up-to-date documentation for the virtualization infrastructure.

Additional Identifiers

Rule ID: SV-16823r1_rule

Vulnerability ID: V-15882

Group Title: Virtual infrastructure documents not up-to-date

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.