Latest reply: Aug 22, 2013 10:58 AM by njones

DISA VMware ESXi/vCenter 5 v1r1 STIG Audit

njones

Synopsis:

 

VMware ESXi/vCenter 5 Security Technical Implementation Guide audit

 

Description:

 

This audit file implements most of the recommendations provided by the DISA VMware ESXi/vCenter 5 Security Technical Implementation Guide.


Where applicable, the Nessus checks in the audit file have been written so that values from the local environment can be easily integrated. For example, DISA recommends that the system clock be synchronized to an authoritative time source. The included checks allow the user to customize this check to validate the correct values for the local environment. Below is an example of the included samples to assist in this customization.

 

# example expect
# expect            : "Product Version : 5\.0"
expect            : "Product Version : {ESXI_VERSION}"

 

Here are screenshots of some sample results:

 

VMware-STIG-Summary.png

VMware-STIG-PASS.png

VMware-STIG-FAIL.png

 

Total Checks:

 

90

 

Additional Notes:

 

- This audit is based on the draft version of the DISA STIG guide, so some checks may be changed/removed before the final release.
- STIG IDs ending with *-PNF (Permanent Non Finding) and *-PF (Permanent Finding) are not included.

 

See Also:

 

The DISA VMware recommendation documents can be downloaded here:
DISA Virtualization STIG list

DISA VMware ESXi v5 Security Technical Implementation Guides:

VMware vCenter

VMware ESXi 5

VMware ESXi 5 Virtual Machines

Files Included:

 

DISA_STIG_VMware_ESXi-vCenter_5_v1r1.audit

 

Location:

 

Tenable Support Portal - under "DISA STIG and Checklist Configuration Audits"
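
The placeholder customization described under "Description" can be scripted. The following is an added example, not part of the original post or of the audit file itself: it fills `{NAME}` tokens with local values, regex-escapes them the way the commented sample writes `5\.0`, and reports any token left without a value. It assumes placeholders are upper-case names in braces like `{ESXI_VERSION}`; the `{NTP_SERVER}` token and the sample text are constructed for illustration.

```python
import re

# Constructed sample modeled on the snippet in the post; not the real audit file.
# {NTP_SERVER} is a hypothetical placeholder name.
SAMPLE_AUDIT = '''\
# example expect
# expect            : "Product Version : 5\\.0"
expect            : "Product Version : {ESXI_VERSION}"
expect            : "{NTP_SERVER}"
'''

# Assumption: placeholders are upper-case identifiers wrapped in braces.
PLACEHOLDER = re.compile(r"\{([A-Z][A-Z0-9_]*)\}")


def fill_placeholders(audit_text, local_values):
    """Return (customized_text, unresolved) for the text of an audit file.

    Values are regex-escaped because the post's own commented example
    writes the version as 5\\.0. Comment lines (starting with #) are
    copied through unchanged.
    """
    unresolved = []
    out_lines = []
    for lineno, line in enumerate(audit_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            out_lines.append(line)
            continue

        def substitute(match):
            name = match.group(1)
            if name in local_values:
                return re.escape(local_values[name])
            unresolved.append((lineno, name))
            return match.group(0)  # keep the token so it is easy to spot

        out_lines.append(PLACEHOLDER.sub(substitute, line))
    return "\n".join(out_lines) + "\n", unresolved


if __name__ == "__main__":
    text, missing = fill_placeholders(SAMPLE_AUDIT, {"ESXI_VERSION": "5.0"})
    print(text)
    for lineno, name in missing:
        print(f"line {lineno}: {{{name}}} has no local value")
```

Reviewing the unresolved list before loading the audit file into a scan policy catches checks that were never adapted to the local environment.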