STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241631

CAT II (Medium)

tc Server ALL server files must be verified for their integrity (e.g., checksums and hashes) before becoming part of the production web server.

Rule ID

SV-241631r879584_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001749

Discussion

Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information. VMware delivers product updates and patches regularly. It is crucial that system administrators coordinate installation of product updates with the site ISSO to ensure that only valid files are uploaded onto the system.

Check Content

Obtain supporting documentation from the ISSO.

Determine whether web server files are being fully reviewed, tested, and signed before being implemented into the production environment.

If the web server files are not being fully reviewed, tested, and signed before being implemented into the production environment, this is a finding.

Fix Text

Configure the web server to verify object integrity before becoming part of the production web server or utilize an external tool designed to meet this requirement.