STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide

V-256468

CAT III (Low)

System administrators must use templates to deploy virtual machines (VMs) whenever possible.

Rule ID

SV-256468r959010_rule

STIG

VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-000366

Discussion

Capture a hardened base operating system image (with no applications installed) in a template to ensure all VMs are created with a known baseline level of security. Use this template to create other, application-specific templates, or use the application template to deploy VMs. Manual installation of the operating system and applications into a VM introduces the risk of misconfiguration due to human or process error.

Check Content

Ask the system administrator if hardened, patched templates are used for VM creation and properly configured operating system deployments, including applications dependent and nondependent on VM-specific configurations.

If hardened, patched templates are not used for VM creation, this is a finding.

Fix Text

Create hardened VM templates to use for operating system deployments.