STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

VMware vSphere 8.0 vCenter Appliance User Interface (UI) Security Technical Implementation Guide

Version

V1R1

Release Date

Oct 29, 2023

SCAP Benchmark ID

VMW_vSphere_8-0_VCSA_UI_STIG

Total Checks

33

Tags

vmware
CAT I: 0CAT II: 33CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (33)

V-259104MEDIUMThe vCenter UI service must limit the number of maximum concurrent connections permitted.V-259105MEDIUMThe vCenter UI service cookies must have secure flag set.V-259106MEDIUMThe vCenter UI service must initiate session logging upon startup.V-259107MEDIUMThe vCenter UI service must produce log records containing sufficient information regarding event details.V-259108MEDIUMThe vCenter UI service must protect logs from unauthorized access.V-259109MEDIUMThe vCenter UI service must limit privileges for creating or modifying hosted application shared files.V-259110MEDIUMThe vCenter UI service must disable stack tracing.V-259111MEDIUMThe vCenter UI service must be configured to use a specified IP address and port.V-259112MEDIUMThe vCenter UI service must be configured to limit data exposure between applications.V-259113MEDIUMThe vCenter UI service must be configured to fail to a known safe state if system initialization fails.V-259114MEDIUMThe vCenter UI service must set URIEncoding to UTF-8.V-259115MEDIUMThe vCenter UI service "ErrorReportValve showServerInfo" must be set to "false".V-259116MEDIUMThe vCenter UI service must set an inactive timeout for sessions.V-259117MEDIUMThe vCenter UI service must offload log records onto a different system or media from the system being logged.V-259118MEDIUMThe vCenter UI service must enable "STRICT_SERVLET_COMPLIANCE".V-259119MEDIUMThe vCenter UI service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.V-259120MEDIUMThe vCenter UI service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.V-259121MEDIUMThe vCenter UI service must configure the "setCharacterEncodingFilter" filter.V-259122MEDIUMThe vCenter UI service cookies must have "http-only" flag set.V-259123MEDIUMThe vCenter UI service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.V-259124MEDIUMThe vCenter UI service shutdown port must be disabled.V-259125MEDIUMThe vCenter UI service debug parameter must be disabled.V-259126MEDIUMThe vCenter UI service directory listings parameter must be disabled.V-259127MEDIUMThe vCenter UI service deployXML attribute must be disabled.V-259128MEDIUMThe vCenter UI service must have Autodeploy disabled.V-259129MEDIUMThe vCenter UI service xpoweredBy attribute must be disabled.V-259130MEDIUMThe vCenter UI service example applications must be removed.V-259131MEDIUMThe vCenter UI service default ROOT web application must be removed.V-259132MEDIUMThe vCenter UI service default documentation must be removed.V-259133MEDIUMThe vCenter UI service must disable "ALLOW_BACKSLASH".V-259134MEDIUMThe vCenter UI service must enable "ENFORCE_ENCODING_IN_GET_WRITER".V-259135MEDIUMThe vCenter UI service manager webapp must be removed.V-259136MEDIUMThe vCenter UI service host-manager webapp must be removed.