On January 16, 2020, the Defense Information Systems Agency has made available the second update to VMware vSphere 6.5 STIGs released in 2019. VMware vSphere 6.5 STIG Version 1, Release 3 includes updates to both the ESXi and the vCenter Server STIGs. Per the revision history provided in the updated STIG download, the following changes were made:
VMware vSphere 6.5 ESXi STIG
- V-94505, V-94507, V-94529, V-94531, V-94543, V-94545 - Added N/A statement when host profiles are not used to join AD
- These STIGs checks all relate to the authentication of users to ESXi using Active Directory. If you are not utilizing Active Directory for user authentication and only have the “root” and/or “vpxuser” defined as local users, then these checks do not apply to you.
- V-94349 - Modified check/fix
- This STIG check relates to the configuration of user permissions for CIM accounts defined locally on ESXi hosts. This updated STIG provides far more details about the check and how to remediate it.
VMware vSphere 6.5 vCenter Server STIG
- V-94775 - Adjusted permissions
- This STIG check relates to user permissions defined on the vCenter for Windows SQL Server database. If you are using the vCenter Server Appliance, then you can safely ignore this check.
- V-94801 - Modified syntax
- This STIG check relates to the creation of alerts when user permissions are deleted. This update only corrects the PowerCLI syntax previously provided, as it included unnecessary quotation marks.
You can download the updated STIG from DISA’s public STIG site: DISA Virtualization STIG Downloads.
Updated vRealize Operations alert content downloads are available from the Downloads page.