DISA Releases VMware vSphere 7.0 STIGs Version 1, Release 1

Reading time: 3 minutes

Almost three years after VMware vSphere 7.0 was released (April 2, 2020), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 7.0 on March 15, 2023. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 7.0 STIG”.

I have not completed an in-depth comparison, but from what I’ve noticed, this STIG release aligns with the content previously provided by VMware in their VMware vSphere 7.0 STIG Readiness Guide. VMware does note on their VMware vSphere 7.0 STIG site that if you consume VMware vSphere 7.0 through an engineered data center solution, you should check with your product’s support for guidance before implementing the STIG settings.

What’s in the STIG

This release of the VMware vSphere STIG follows the same structure introduced in the VMware vSphere 6.7 STIG. The STIG bundle includes separate STIG files for each component within VMware vSphere. This release of the STIG bundle contains the following:

  • VMware vSphere 7.0 – Version 1 Release 1 – Overview PDF
  • VMware vSphere 7.0 – Version 1 Release 1 – Release Memo PDF
  • SRG and STIG Readme – Version 3, Release 4 PDF
  • VMware vSphere 7.0 STIG Revision History PDF
  • vCenter Smart Card Authentication Configuration Guide Version 7.0 PDF
  • VMware vSphere 7.0 ESXi Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 VAMI Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance EAM Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance Lookup Service Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance Perfcharts Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 vCenter Security Technical Implementation Guide – Version 1, Release 1
  • VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide – Version 1, Release 1

Aria Operations Compliance and Alerting Content

As usual, I have updated my VMware Aria Operations Compliance and Alerting content to include the latest updates for the STIGs. To download the compliance and alerting content, head to the Downloads and look for the heading “VMware vSphere 7.0 STIG, Version 1, Release 1” to find all the downloads.

See Also


Search

Get Notified of Future Posts

Follow Me

LinkedIn Icon
Twitter/X Icon
Threads Icon
RSS Icon

Recent Posts