STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

V-256358

CAT II (Medium)

The vCenter Server must use unique service accounts when applications connect to vCenter.

Rule ID

SV-256358r885685_rule

STIG

VMware vSphere 7.0 vCenter Security Technical Implementation Guide

Version

V1R3

CCIs

CCI-000366

Discussion

To preserve nonrepudiation (i.e., so that the authenticity of who is connecting to vCenter cannot be denied), applications that need to connect to vCenter must use unique service accounts.

Check Content

Verify each external application that connects to vCenter has a unique service account dedicated to that application.

For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.
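
One way to run this check against an application inventory is sketched below. It is an added example, not part of the STIG or of any VMware tooling. The inventory entries and account names are constructed. The script assumes account names are case-insensitive and that `DOMAIN\user` and `user@domain` name the same principal, so a shared account written two different ways is still caught.

```python
from collections import defaultdict

# Constructed inventory: (application, account as configured in that application).
# All names are illustrative assumptions, not values from the STIG.
INVENTORY = [
    ("Log Insight", "svc-loginsight@vsphere.local"),
    ("Operations Manager", "VSPHERE.LOCAL\\svc-vrops"),
    ("Backup appliance", "vsphere.local\\SVC-LogInsight"),
    ("Inventory scanner", "svc-scanner@vsphere.local"),
]


def normalize(account):
    """Reduce DOMAIN\\user and user@domain to one lowercase (domain, user) key."""
    acct = account.strip().lower()
    if "\\" in acct:
        domain, user = acct.split("\\", 1)
    elif "@" in acct:
        user, domain = acct.rsplit("@", 1)
    else:
        # Unqualified name: kept as-is, so it only matches other unqualified names.
        domain, user = "", acct
    return (domain, user)


def shared_accounts(inventory):
    """Return {(domain, user): sorted apps} for accounts used by more than one app."""
    apps_by_account = defaultdict(set)
    for app, account in inventory:
        apps_by_account[normalize(account)].add(app)
    return {acct: sorted(apps) for acct, apps in apps_by_account.items() if len(apps) > 1}


if __name__ == "__main__":
    findings = shared_accounts(INVENTORY)
    for (domain, user), apps in findings.items():
        print(f"FINDING: {user}@{domain} is shared by: {', '.join(apps)}")
    if not findings:
        print("No shared service accounts in inventory.")
```

A naive string comparison would miss the constructed finding here, because the two applications record the same account in different formats and letter case.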

Fix Text

For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.

When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.