Almost exactly 3 years after vSphere 6.7 was released (April 17, 2018) and approximately 17 months prior to the end of General Support (October 15, 2022), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 6.7 on April 22, 2021. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 6.7”.
What’s New?
Unlike the previous VMware vSphere 6.5 STIGs which contained STIGs for vCenter Server for Windows, ESXi, and Virtual Machines, the VMware vSphere 6.7 STIGs release contains STIGs for the vCenter Server Appliance (VCSA), ESXi, Virtual Machines, VMware Photon OS, and 8 additional services that exist on the VCSA including EAM, Perfcharts, PostgreSQL, RhttpProxy, STS, UI, VAMI-lighttpd, and Virgo-Client. All STIGs contained within the download are dated March 9, 2021.
While I haven’t had an opportunity to compare the STIG settings for Photon OS and the 8 additional VCSA services to the settings implemented on VCSA 6.7, I would venture a guess that they will align as VMware and DISA work closely on the creation of these STIGs.
The VMware vSphere 6.7 STIGs ZIP file contains the following:
- VMware vSphere 6.7 Version 1 Release 1 – Overview PDF
- VMware vSphere 6.7 Version 1 Release 1 – Release Memo PDF
- vCenter Smart Card Authentication Configuration Guide Version 6.7 PDF
- VMware vSphere 6.7 EAM Tomcat Security Technical Implementation Guide – Version 1, Release 1
- VMware vSphere 6.7 ESXi Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 Perfcharts Tomcat Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 Photon OS Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 UI Tomcat Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 vCenter Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide– Version 1, Release 1
- VMware vSphere 6.7 Virtual Machine Security Technical Implementation Guide– Version 1, Release 1