STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Virtual Machine Manager Security Requirements Guide

V-207401

CAT II (Medium)

The VMM must separate user functionality (including user interface services) from VMM management functionality.

Rule ID

SV-207401r1138001_rule

STIG

Virtual Machine Manager Security Requirements Guide

Version

V2R3

CCIs

CCI-001082

Discussion

VMM management functionality includes functions necessary for administration and requires privileged user access. Allowing nonprivileged users to access VMM management functionality capabilities increases the risk that nonprivileged users may obtain elevated privileges. VMM management functionality includes functions necessary to administer console, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from VMM management functionality is either physical or logical and is accomplished by using different guest VMs, different computers, different central processing units, different instances of the VMM, different network addresses, different TCP/UDP ports, other virtualization techniques, combinations of these methods, or other methods, as appropriate. This requirement also applies to Zero Trust initiatives.

Check Content

Verify the VMM separates user functionality (including user interface services) from VMM management functionality.

If it does not, this is a finding.

Fix Text

Configure the VMM to separate user functionality (including user interface services) from VMM management functionality.