STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

V-256771

CAT II (Medium)

The Security Token Service must be configured with the appropriate ports.

Rule ID

SV-256771r918979_rule

STIG

VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001762

Discussion

Web servers provide numerous processes, features, and functionalities that use TCP/IP ports. Some of these processes may be deemed unnecessary or too unsecure to run on a production system. The ports that the Security Token Service listens on are configured in the "catalina.properties" file and must be verified as accurate to their shipping state.

Check Content

At the command prompt, run the following command:

# grep 'bio' /usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Expected result:

bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-clientauth.https.port=3128
bio-ssl-localhost.https.port=7444

If the output of the command does not match the expected result, this is a finding.

Note: Port 3128 will not be shown in the output prior to 7.0 U3i.

Fix Text

Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/catalina.properties

Navigate to the ports specification section.

Set the Security Token Service port specifications according to the following list:

bio-custom.http.port=7080
bio-custom.https.port=8443
bio-ssl-clientauth.https.port=3128
bio-ssl-localhost.https.port=7444

Restart the service with the following command:

# vmon-cli --restart sts