STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

STIGs updated 1 hour ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

VMware vSphere 7.0 VAMI Security Technical Implementation Guide

Version

V1R2

Release Date

Jun 15, 2023

SCAP Benchmark ID

VMW_vSphere_7-0_VAMI_STIG

Total Checks

28

Tags

vmware

CAT I: 2CAT II: 26CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON Download STIG ZIP

Checks (28)

V-256645MEDIUMVAMI must limit the number of simultaneous requests.V-256646HIGHVAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.V-256647MEDIUMVAMI must use cryptography to protect the integrity of remote sessions.V-256648MEDIUMVAMI must be configured to monitor remote access.V-256649MEDIUMVAMI must generate log records for system startup and shutdown.V-256650MEDIUMVAMI must produce log records containing sufficient information to establish what type of events occurred.V-256651MEDIUMVAMI log files must only be accessible by privileged users.V-256652MEDIUMThe rsyslog must be configured to monitor VAMI logs.V-256653MEDIUMVAMI server binaries and libraries must be verified for their integrity.V-256654MEDIUMVAMI must only load allowed server modules.V-256655MEDIUMVAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.V-256656MEDIUMVAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on "Content-Type".V-256657MEDIUMVAMI must remove all mappings to unused scripts.V-256658MEDIUMVAMI must have resource mappings set to disable the serving of certain file types.V-256659MEDIUMVAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.V-256660MEDIUMVAMI must prevent hosted applications from exhausting system resources.V-256661MEDIUMVAMI must protect the keystore from unauthorized access.V-256662MEDIUMVAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.V-256663MEDIUMVAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8.V-256664MEDIUMVAMI must disable directory browsing.V-256665MEDIUMVAMI must not be configured to use "mod_status".V-256666MEDIUMVAMI must have debug logging disabled.V-256667MEDIUMVAMI must be protected from being stopped by a nonprivileged user.V-256668MEDIUMVAMI must implement Transport Layer Security (TLS) 1.2 exclusively.V-256669MEDIUMVAMI must force clients to select the most secure cipher.V-256670MEDIUMVAMI must disable client-initiated Transport Layer Security (TLS) renegotiation.V-256671MEDIUMVAMI must be configured to hide the server type and version in client responses.V-256672HIGHVAMI must enable FIPS mode.