VMware Aria Operations (formerly vRealize Operations)

On April 18, 2023, VMware released their “VMware vSphere 8.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. Based on their knowledge of the DoD SRGs and previous STIGs, they are confident that the guidance provided within the VMware vSphere 8 STIG Readiness Guide would enable an environment to pass certification with minimal changes should an official DISA STIG be released by the DoD.

Before the addition of Automation Central to VMware Aria Operations (formerly VMware vRealize Operations), I had created my own method of cleaning up outdate snapshots. I documented this method of executing VMware Aria Automation Orchestrator workflows to remediate alerts in my blog post from 2019 titled Automated Alert Remediation in vRealize Operations 7.x using vRealize Orchestrator. This process involved creating an alert in VMware Aria Operations that would be generated when a snapshot reached a specific age.

The United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) officially released the VMware vSphere 7.0 STIG on March 15, 2023. This STIG closely follows VMware’s vSphere 7.0 STIG Readiness Guide. As with previous STIG releases, I have created custom compliance and alerting content for use within Aria Operations. This content covers almost all findings for the Virtual Machine STIG, a large portion of the ESXi STIG, and a select number of items from the vCenter STIG.

The VMware vSphere Security Configuration Guide has long been the standard baseline for hardening VMware vSphere environments utilized by engineers across the world. As such, with the release of VMware vSphere 8.0, VMware also released a new version of the security configuration guide. For those familiar with implementing United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) STIGs, the guidance provided within the VMware vSphere 8 Security Configuration Guide should seem quite familiar.

Update: DISA released the official VMware vSphere 7.0 STIG on March 15, 2023. Information related to my updated compliance content can be found here. While the United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) hasn’t officially released a STIG for VMware vSphere 7.0, VMware has released what they refer to as their “VMware vSphere 7.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions.