STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

VMware NSX-T Manager NDM Security Technical Implementation Guide

Version

V1R3

Benchmark ID

VMW_NSX-T_Manager_NDM_STIG

Total Checks

23

Tags

vmware
CAT I: 5CAT II: 17CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (23)

V-251778HIGHNSX-T Manager must restrict the use of configuration, administration, and the execution of privileged commands to authorized personnel based on organization-defined roles.V-251779MEDIUMThe NSX-T Manager must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-251780MEDIUMThe NSX-T Manager must enforce a minimum 15-character password length.V-251781HIGHThe NSX-T Manager must terminate the device management session at the end of the session or after 10 minutes of inactivity.V-251782MEDIUMThe NSX-T Manager must be configured to synchronize internal information system clocks using redundant authoritative time sources.V-251783MEDIUMThe NSX-T Manager must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).V-251784MEDIUMThe NSX-T Manager must prohibit the use of cached authenticators after an organization-defined time period.V-251785MEDIUMThe NSX-T Manager must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.V-251786MEDIUMThe NSX-T Manager must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.V-251787MEDIUMThe NSX-T Manager must be configured to send logs to a central log server.V-251788MEDIUMThe NSX-T Manager must generate log records for the info level to capture the DoD-required auditable events.V-251789HIGHThe NSX-T Manager must integrate with either VMware Identity Manager (vIDM) or VMware Workspace ONE Access.V-251790MEDIUMThe NSX-T Manager must be configured to conduct backups on an organizationally defined schedule.V-251791MEDIUMThe NSX-T Manager must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.V-251792MEDIUMThe NSX-T Manager must obtain its public key certificates from an approved DoD certificate authority.V-251793HIGHThe NSX-T Manager must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO).V-251794HIGHThe NSX-T Manager must be running a release that is currently supported by the vendor.V-251795MEDIUMThe NSX-T Manager must not provide environment information to third parties.V-251796LOWThe NSX-T Manager must disable SSH.V-251797MEDIUMThe NSX-T Manager must disable unused local accounts.V-251798MEDIUMThe NSX-T Manager must disable TLS 1.1 and enable TLS 1.2.V-251799MEDIUMThe NSX-T Manager must disable SNMP v2.V-251800MEDIUMThe NSX-T Manager must enable the global FIPS compliance mode for load balancers.