STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 8.0 vCenter Security Technical Implementation Guide

V-258961

CAT II (Medium)

The vCenter server must require authentication for published content libraries.

Rule ID

SV-258961r1051430_rule

STIG

VMware vSphere 8.0 vCenter Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. When publishing a content library it can be protected by requiring authentication for subscribers.

Check Content

Note: If Content Libraries are not used, this is not applicable.

From the vSphere Client, go to Content Libraries.

Review the "Password Protected" column.

If a content library is published and is not password protected, this is a finding.

Fix Text

From the vSphere Client, go to Content Libraries.

Select the target content library.

Select "Actions" then "Edit Settings".

Click the checkbox to "Enable user authentication for access to this content library".

Enter and confirm a password for the content library. Click "OK".

Note: Any subscribed content libraries will need to be updated to enable authentication and provide the password.