Title

ESX administrators have not received proper training to administer the ESX Server. (Cat III impact)

Discussion

Different roles require different types of training. A skilled staff is one of the critical components to the security of an organization. The ESX Server is complex and has many components that need to be monitored and configured. If staff is not properly trained in administering the ESX Server, vulnerabilities will likely be open.

Check Content

Request a copy of the ESX Server training documentation for all staff administering the ESX Servers and peripheral systems. If no training documentation can be produced, this is a finding.

Fix Text

Train all the ESX Server administrators.

Additional Identifiers

Rule ID: SV-17851r1_rule

Vulnerability ID: V-16851

Group Title: ESX admins have not received proper training

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.