
VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide

Version: V1R2
Release Date: Jun 15, 2023
SCAP Benchmark ID: VMW_vSphere_7-0_vCA_UI_STIG
Total Checks: 33
Tags: vmware
Severity breakdown: CAT I: 0, CAT II: 33, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (33)

  • V-256778 [MEDIUM] vSphere UI must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
  • V-256779 [MEDIUM] vSphere UI must limit the number of concurrent connections permitted.
  • V-256780 [MEDIUM] vSphere UI must limit the maximum size of a POST request.
  • V-256781 [MEDIUM] vSphere UI must protect cookies from cross-site scripting (XSS).
  • V-256782 [MEDIUM] vSphere UI must record user access in a format that enables monitoring of remote access.
  • V-256783 [MEDIUM] vSphere UI must generate log records for system startup and shutdown.
  • V-256784 [MEDIUM] vSphere UI log files must only be accessible by privileged users.
  • V-256785 [MEDIUM] vSphere UI application files must be verified for their integrity.
  • V-256786 [MEDIUM] vSphere UI plugins must be authorized before use.
  • V-256787 [MEDIUM] vSphere UI must not be configured with the "UserDatabaseRealm" enabled.
  • V-256788 [MEDIUM] vSphere UI must be configured to limit access to internal packages.
  • V-256789 [MEDIUM] vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.
  • V-256790 [MEDIUM] vSphere UI must have mappings set for Java servlet pages.
  • V-256791 [MEDIUM] vSphere UI must not have the Web Distributed Authoring (WebDAV) servlet installed.
  • V-256792 [MEDIUM] vSphere UI must be configured with memory leak protection.
  • V-256793 [MEDIUM] vSphere UI must not have any symbolic links in the web content directory tree.
  • V-256794 [MEDIUM] The vSphere UI directory tree must have permissions in an out-of-the-box state.
  • V-256795 [MEDIUM] vSphere UI must restrict its cookie path.
  • V-256796 [MEDIUM] vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.
  • V-256797 [MEDIUM] vSphere UI must limit the number of allowed connections.
  • V-256798 [MEDIUM] vSphere UI must set URIEncoding to UTF-8.
  • V-256799 [MEDIUM] vSphere UI must set the welcome-file node to a default web page.
  • V-256800 [MEDIUM] The vSphere UI must not show directory listings.
  • V-256801 [MEDIUM] vSphere UI must be configured to hide the server version.
  • V-256802 [MEDIUM] vSphere UI must be configured to show error pages with minimal information.
  • V-256803 [MEDIUM] vSphere UI must not enable support for TRACE requests.
  • V-256804 [MEDIUM] vSphere UI must have the debug option turned off.
  • V-256805 [MEDIUM] vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server.
  • V-256806 [MEDIUM] vSphere UI log files must be moved to a permanent repository in accordance with site policy.
  • V-256807 [MEDIUM] vSphere UI must be configured with the appropriate ports.
  • V-256808 [MEDIUM] vSphere UI must disable the shutdown port.
  • V-256809 [MEDIUM] vSphere UI must set the secure flag for cookies.
  • V-256810 [MEDIUM] The vSphere UI default servlet must be set to "readonly".