Title

No documented configuration management process exists for VirtualCenter changes. (Cat II impact)

Discussion

VirtualCenter objects might have multiple permissions for users and or groups. Permissions are applied hierarchically downward on these objects. For each permission the administrator must decide if the permission applies only to that immediate object, or downward to all sub objects. Permissions may be overridden by setting different permissions on a lower object. These situations can create confusion and permissions that were thought to be limited might actually be elevated. Furthermore, all changes take affect immediately not requiring users to log off and log back in. Configuration management is critical for all modifications since the new change may override previously configured permissions.

Check Content

Request a copy of the configuration management process document. If the document is incomplete or does not exist, this is a finding.

Fix Text

Document a configuration management process for all VirtualCenter modifications.

Additional Identifiers

Rule ID: SV-16819r1_rule

Vulnerability ID: V-15878

Group Title: No documented configuration management process

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.