VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) Security Technical Implementation Guide

Version: V1R1

Release Date: Oct 29, 2023

SCAP Benchmark ID: VMW_vSphere_8-0_VCSA_STS_STIG

Total Checks: 33

Tags: vmware

CAT I: 0, CAT II: 33, CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (33)

  • V-258970 [MEDIUM] The vCenter STS service must limit the number of maximum concurrent connections permitted.
  • V-258971 [MEDIUM] The vCenter STS service must be configured to use strong encryption ciphers.
  • V-258972 [MEDIUM] The vCenter STS service cookies must have secure flag set.
  • V-258973 [MEDIUM] The vCenter STS service must initiate session logging upon startup.
  • V-258974 [MEDIUM] The vCenter STS service must produce log records containing sufficient information regarding event details.
  • V-258975 [MEDIUM] The vCenter STS service logs folder permissions must be set correctly.
  • V-258976 [MEDIUM] The vCenter STS service must limit privileges for creating or modifying hosted application shared files.
  • V-258977 [MEDIUM] The vCenter STS service must disable stack tracing.
  • V-258978 [MEDIUM] The vCenter STS service must be configured to use a specified IP address and port.
  • V-258979 [MEDIUM] The vCenter STS service must be configured to limit data exposure between applications.
  • V-258980 [MEDIUM] The vCenter STS service must be configured to fail to a known safe state if system initialization fails.
  • V-258981 [MEDIUM] The vCenter STS service must set URIEncoding to UTF-8.
  • V-258982 [MEDIUM] The vCenter STS service "ErrorReportValve showServerInfo" must be set to "false".
  • V-258983 [MEDIUM] The vCenter STS service must set an inactive timeout for sessions.
  • V-258984 [MEDIUM] The vCenter STS service must offload log records onto a different system or media from the system being logged.
  • V-258985 [MEDIUM] The vCenter STS service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
  • V-258986 [MEDIUM] The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
  • V-258987 [MEDIUM] The vCenter STS service must configure the "setCharacterEncodingFilter" filter.
  • V-258988 [MEDIUM] The vCenter STS service cookies must have "http-only" flag set.
  • V-258989 [MEDIUM] The vCenter STS service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
  • V-258990 [MEDIUM] The vCenter STS service shutdown port must be disabled.
  • V-258991 [MEDIUM] The vCenter STS service debug parameter must be disabled.
  • V-258992 [MEDIUM] The vCenter STS service directory listings parameter must be disabled.
  • V-258993 [MEDIUM] The vCenter STS service must have Autodeploy disabled.
  • V-258994 [MEDIUM] The vCenter STS service xpoweredBy attribute must be disabled.
  • V-258995 [MEDIUM] The vCenter STS service example applications must be removed.
  • V-258996 [MEDIUM] The vCenter STS service default ROOT web application must be removed.
  • V-258997 [MEDIUM] The vCenter STS service default documentation must be removed.
  • V-258998 [MEDIUM] The vCenter STS service files must have permissions in an out-of-the-box state.
  • V-258999 [MEDIUM] The vCenter STS service must disable "ALLOW_BACKSLASH".
  • V-259000 [MEDIUM] The vCenter STS service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
  • V-259001 [MEDIUM] The vCenter STS service manager webapp must be removed.
  • V-259002 [MEDIUM] The vCenter STS service host-manager webapp must be removed.