STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

VMware NSX 4.x Manager NDM Security Technical Implementation Guide

Version

V1R2

Benchmark ID

VMW_NSX_4-x_Manager_NDM_STIG

Total Checks

28

Tags

vmware
CAT I: 6CAT II: 21CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (28)

V-265289MEDIUMThe NSX Manager must configure logging levels for services to ensure audit records are generated.V-265292HIGHThe NSX Manager must assign users/accounts to organization-defined roles configured with approved authorizations.V-265293MEDIUMThe NSX Manager must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-265294MEDIUMThe NSX Manager must display the Standard Mandatory DOD Notice and Consent Banner before granting access.V-265295MEDIUMThe NSX Manager must retain the Standard Mandatory DOD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.V-265296HIGHThe NSX Manager must be configured to integrate with an identity provider that supports multifactor authentication (MFA).V-265313MEDIUMThe NSX Manager must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-265315HIGHThe NSX Manager must only enable TLS 1.2 or greater.V-265316MEDIUMThe NSX Manager must enforce a minimum 15-character password length for local accounts.V-265317MEDIUMThe NSX Manager must enforce password complexity by requiring that at least one uppercase character be used for local accounts.V-265318MEDIUMThe NSX Manager must enforce password complexity by requiring that at least one lowercase character be used for local accounts.V-265319MEDIUMThe NSX Manager must enforce password complexity by requiring that at least one numeric character be used for local accounts.V-265320MEDIUMThe NSX Manager must enforce password complexity by requiring that at least one special character be used for local accounts.V-265321MEDIUMThe NSX Manager must require that when a password is changed, the characters are changed in at least eight of the positions within the password.V-265327HIGHThe NSX Manager must terminate all network connections associated with a session after five minutes of inactivity.V-265338MEDIUMThe NSX Manager must be configured to synchronize internal information system clocks using redundant authoritative time sources.V-265339MEDIUMThe NSX Manager must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).V-265346MEDIUMThe NSX Manager must be configured to protect against denial-of-service (DoS) attacks by limit the number of concurrent sessions to an organization-defined number.V-265348HIGHThe NSX Manager must be configured to send logs to a central log server.V-265349LOWThe NSX Manager must not provide environment information to third parties.V-265350MEDIUMThe NSX Manager must be configured to conduct backups on an organizationally defined schedule.V-265351MEDIUMThe NSX Manager must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-265352HIGHThe NSX Manager must be running a release that is currently supported by the vendor.V-265353MEDIUMThe NSX Manager must disable SSH.V-265354MEDIUMThe NSX Manager must disable SNMP v2.V-265355MEDIUMThe NSX Manager must enable the global FIPS compliance mode for load balancers.V-265358MEDIUMThe NSX Manager must be configured as a cluster.V-265359MEDIUMThe NSX Managers must be deployed on separate physical hosts.