DISA Releases VMware vSphere 7.0 STIGs Version 1, Release 1
Almost three years after VMware vSphere 7.0 was released (April 2, 2020), the Defense Information Systems Agency (DISA) made available the first STIGs for VMware vSphere 7.0 on March 15, 2023. The STIGs can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 7.0 STIG”. I have not completed an in-depth comparison, but from what I’ve noticed, this STIG release aligns with the content previously provided by VMware in their VMware vSphere 7.
Aria Operations Compliance Content for the vSphere 8 Security Configuration Guide is Available
The VMware vSphere Security Configuration Guide has long been the standard baseline for hardening VMware vSphere environments utilized by engineers across the world. As such, with the release of VMware vSphere 8.0, VMware also released a new version of the security configuration guide. For those familiar with implementing United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) STIGs, the guidance provided within the VMware vSphere 8 Security Configuration Guide should seem quite familiar.
Aria Operations Compliance Content for the vSphere 7.0 STIG Readiness Guide is Available
While the United States (U.S.) Department of Defense (DoD) Defense Information Systems Agency (DISA) hasn’t officially released a STIG for VMware vSphere 7.0, VMware has released what they refer to as their “VMware vSphere 7.0 STIG Readiness Guide”. This guide, while not an official STIG, is based on years of experience assisting the DoD in generating the official DISA STIG releases for previous VMware vSphere product versions. Based on their knowledge of the DoD SRGs and previous STIGs, they are confident that the guidance provided within the VMware vSphere 7.
Compliance Management with VMware Aria Automation SaltStack SecOps
In my previous post titled Introduction to VMware vRealize Automation SaltStack SecOps, I provided an introduction to VMware Aria Automation SaltStack Automation SecOps, as well as a brief history and overview of the product’s capabilities. In this post, I’ll dive deeper into the product’s compliance management capabilities. Compliance Checks: Compliance checks are at the foundation of VMware Aria Automation SaltStack SecOps compliance management. These checks provide the information necessary to identify the purpose of the check, the operating systems it applies to, the rationale for the check, and, more importantly, the state file responsible for implementing/remediating the check.
Introduction to VMware vRealize Automation SaltStack SecOps
Recently I began familiarizing myself with VMware vRealize Automation SaltStack Config in my home lab. While I'm still relatively new to the product, I was curious to learn more about the compliance and vulnerability management capabilities provided by the SecOps add-on. In this post, I introduce VMware vRealize Automation SaltStack SecOps and briefly review the various features and functionality provided by the product. In subsequent blog posts, I will give a more in-depth look at vulnerability management and compliance management capabilities.