DISA Releases VMware vSphere 6.7 STIG - Version 1, Release 3

On April 22, 2022, the Defense Information Systems Agency (DISA) released the third update to the VMware vSphere 6.7 STIG.

What’s New?

VMware vSphere 6.7 STIG – Version 1, Release 3 contains minor updates to the VMware vSphere 6.7 Photon OS STIG.

These updates include the following:

  • Updated the expected result text for PHTN-67-000012.
    • Previous Expected Result:
      -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -k execpriv
      -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -k execpriv
      -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -k execpriv
      -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -k execpriv
      
    • Updated Expected Result:
      -a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 execpriv
      -a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 execpriv
      -a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 execpriv
      -a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 execpriv
      
  • Updated the expected result text for PHTN-67-000071 to include an additional acceptable result:
    • Additional Acceptable Result:
      -a always,exit -S all -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
      
  • Updated the check text for PHTN-67-000021 to use an updated CLI command:
    • Previous CLI Command:
      grep pam_cracklib /etc/pam.d/system-password|grep --color=always "ucredit=.."
      
    • Updated CLI Command:
      grep "^password requisite pam_cracklib.so" /etc/pam.d/system-password|grep --color=always "enforce_for_root"
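
The PHTN-67-000012 change listed above differs only in how the rule key is written, so a check that compares `auditctl -l` output as literal text can fail on a rule that is actually loaded. The following added example (not part of the STIG or of the original post) parses each rule into fields before comparing. It assumes that `-k name`, `-F key=name` and a bare trailing name all denote the rule key, and its sample outputs are constructed.

```python
# PHTN-67-000012 rules as listed on this page (previous expected result).
EXPECTED = [
    f"-a always,exit -F arch={arch} -S execve -C {comp} -F {eff}=0 -k execpriv"
    for comp, eff in (("uid!=euid", "euid"), ("gid!=egid", "egid"))
    for arch in ("b32", "b64")
]

def normalize(rule):
    """Parse one audit rule line into an order-independent tuple."""
    tokens = rule.split()
    action = key = None
    syscalls, filters = set(), set()
    while tokens:
        flag = tokens.pop(0)
        if flag not in ("-a", "-S", "-F", "-C", "-k") or not tokens:
            key = flag  # assumption: a bare word (updated result form) is the key
            continue
        value = tokens.pop(0)
        if flag == "-a":
            action = value
        elif flag == "-S":
            syscalls.update(value.split(","))
        elif flag == "-k":
            key = value
        elif flag == "-F" and value.startswith("key="):
            key = value[len("key="):]
        else:
            filters.add((flag, value))  # -F field filters and -C comparisons
    return action, frozenset(syscalls), frozenset(filters), key

def missing_rules(expected, auditctl_output):
    """Return the expected rules that have no equivalent line in the output."""
    loaded = {normalize(line) for line in auditctl_output.splitlines()
              if line.strip().startswith("-a")}
    return [rule for rule in expected if normalize(rule) not in loaded]

# Constructed output: all four rules, key as -F key=, one line with fields reordered.
SAMPLE_KEY_FIELD = """\
-a always,exit -F arch=b32 -S execve -F euid=0 -C uid!=euid -F key=execpriv
-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=execpriv
-a always,exit -F arch=b32 -S execve -C gid!=egid -F egid=0 -F key=execpriv
-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 -F key=execpriv
"""
# Constructed output: bare key form, with the b32 gid rule absent.
SAMPLE_INCOMPLETE = """\
-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 execpriv
-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 execpriv
-a always,exit -F arch=b64 -S execve -C gid!=egid -F egid=0 execpriv
"""
```

`missing_rules(EXPECTED, SAMPLE_KEY_FIELD)` returns an empty list, while `missing_rules(EXPECTED, SAMPLE_INCOMPLETE)` returns the one absent rule (b32, gid!=egid).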
      

Documents and STIGs Included

The VMware vSphere 6.7 STIG ZIP file contains the following documents and STIG implementation guides:

  • VMware vSphere 6.7 Version 1 – Overview PDF
  • VMware vSphere 6.7 Version 1 – Release Memo PDF
  • VMware vSphere 6.7 Version 1 – Revision History PDF
  • vCenter Smart Card Authentication Configuration Guide Version 6.7 PDF
  • VMware vSphere 6.7 EAM Tomcat Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 6.7 ESXi Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 Perfcharts Tomcat Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 Photon OS Security Technical Implementation Guide – Version 1, Release 3
  • VMware vSphere 6.7 PostgreSQL Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 6.7 RhttpProxy Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 UI Tomcat Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 vCenter Security Technical Implementation Guide – Version 1, Release 2
  • VMware vSphere 6.7 Virgo-Client Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 6.7 Virtual Machine Security Technical Implementation Guide – Version 1, Release 2

vRealize Operations Compliance Alerts

As usual with new releases of the DISA STIGs for VMware vSphere, I have updated my compliance alert content for vRealize Operations to include the latest changes as applicable to objects and settings monitored by vRealize Operations. You can download the vSphere 6.7 STIG compliance content from the Downloads page.

Where to Download

The VMware vSphere 6.7 STIG can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for VMware vSphere 6.7.
