
STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.


VMware NSX Manager Security Technical Implementation Guide

Version: V1R1
Benchmark ID: VMware_NSX_Manager_STIG
Total Checks: 30
Tags: vmware
CAT I: 3 | CAT II: 22 | CAT III: 5

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Checks (30)

  • V-69161 (HIGH): The NSX vCenter must be configured to use an authentication server to provide automated support for account management functions to centrally control the authentication process for the purpose of granting administrative access.
  • V-69163 (HIGH): The NSX vCenter must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.
  • V-69165 (MEDIUM): The NSX vCenter must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • V-69167 (HIGH): The NSX Manager must not have any default manufacturer passwords when deployed.
  • V-69171 (MEDIUM): The NSX vCenter must protect audit information from any type of unauthorized read access.
  • V-69173 (LOW): The NSX Manager must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
  • V-69175 (MEDIUM): The NSX vCenter must enforce a minimum 15-character password length.
  • V-69177 (MEDIUM): The NSX vCenter must prohibit password reuse for a minimum of five generations.
  • V-69179 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one upper-case character be used.
  • V-69181 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one lower-case character be used.
  • V-69183 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one numeric character be used.
  • V-69185 (MEDIUM): If multifactor authentication is not supported and passwords must be used, the NSX vCenter must enforce password complexity by requiring that at least one special character be used.
  • V-69187 (MEDIUM): The NSX vCenter must enforce a 60-day maximum password lifetime restriction.
  • V-69189 (MEDIUM): The NSX vCenter must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
  • V-69191 (MEDIUM): The NSX vCenter must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
  • V-69193 (MEDIUM): The NSX vCenter must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect.
  • V-69195 (MEDIUM): If the NSX vCenter uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.
  • V-69197 (MEDIUM): The NSX vCenter must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
  • V-69199 (MEDIUM): The NSX vCenter must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.
  • V-69201 (MEDIUM): The NSX vCenter must provide the capability for organization-identified individuals or roles to change the auditing to be performed based on all selectable event criteria within near-real time.
  • V-69203 (LOW): The NSX Manager must compare internal information system clocks at least every 24 hours with an authoritative time server.
  • V-69205 (LOW): The NSX Manager must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
  • V-69207 (MEDIUM): The NSX Manager must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
  • V-69209 (MEDIUM): The NSX Manager must off-load audit records onto a different system or media than the system being audited.
  • V-69211 (MEDIUM): The NSX Manager must enforce access restrictions associated with changes to the system components.
  • V-69213 (LOW): The NSX Manager must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner.
  • V-69215 (LOW): The NSX Manager must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.
  • V-69217 (MEDIUM): The NSX Manager must employ automated mechanisms to assist in the tracking of security incidents.
  • V-69219 (MEDIUM): The NSX vCenter must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
  • V-69221 (MEDIUM): The NSX vCenter must accept multifactor credentials.