Check: VNSX-ND-000133
VMware NSX Manager STIG:
VNSX-ND-000133
(in version v1 r1)
Title
The NSX Manager must enforce access restrictions associated with changes to the system components. (Cat II impact)
Discussion
Changes to the hardware or software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals must be allowed administrative access to the network device for implementing any changes or upgrades. This requirement applies to updates of the application files, configuration, ACLs, and policy filters.
Check Content
Verify the built-in SSO administrator account is only used for emergencies and situations where it is the only option due to permissions. If the built-in SSO administrator account is used for daily operations or there is no policy restricting its use, this is a finding.
Fix Text
Develop a policy to limit the use of the built-in SSO administrator account.
Additional Identifiers
Rule ID: SV-83815r1_rule
Vulnerability ID: V-69211
Group Title: SRG-APP-000516-NDM-000335
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000345 |
The organization enforces logical access restrictions associated with changes to the information system. |
| CCI-000366 |
The organization implements the security configuration settings. |