With the recent release of the VMware vSphere 6.5 Virtual Machine STIG Version 1, Release 1, I needed to create new vRealize Operations alert content to verify compliance of my virtual machines. Combined with the automated alert remediation process I described in a previous post, this content makes ensuring compliance with the new STIG requirements easy. See the link at the bottom of the page to download the alert content XML.
Unfortunately, the following STIG items can't be verified by vRealize Operations, either because the checks relate to user processes or because the configuration values aren't currently collected by vRealize Operations:
VMCH-65-000042 - System administrators must use templates to deploy virtual machines whenever possible.
VMCH-65-000043 - Use of the virtual machine console must be minimized.
VMCH-65-000044 - The virtual machine guest operating system must be locked when the last console connection is closed.
VMCH-65-000046 - Encryption must be enabled for vMotion on the virtual machine.
VMCH-65-000047 - The virtual machine guest operating system must be locked when the last console connection is closed.
VMCH-65-000049 - Encryption must be enabled for vMotion on the virtual machine.
Update: For information on how to add data to vRealize Operations to monitor compliance of VMCH-65-000044, VMCH-65-000046, VMCH-65-000047, and VMCH-65-000049, see this post.
vRealize Operations Compliance Alert Content can be downloaded from the Downloads page.