VMware vSphere 6.7 STIG Update: Minor Changes and Enhancements
On April 22, 2022, the Defense Information Systems Agency (DISA) released the third update to the VMware vSphere 6.7 Security Technical Implementation Guide (STIG). This latest version includes minor updates to the VMware vSphere 6.7 Photon OS STIG, which are designed to improve the security and compliance of virtualized environments.
The VMware vSphere 6.7 STIG ZIP file contains the following documents and STIG implementation guides:
1. VMware vSphere 6.7 STIG – This document provides comprehensive guidance on securing VMware vSphere 6.7 environments, including configuration recommendations and vulnerability mitigation strategies.
2. VMware vSphere 6.7 Photon OS STIG – This document focuses specifically on the security of Photon OS, which is used as the default operating system for VMware vSphere 6.7.
3. VMware vSphere 6.7 STIG Implementation Guide – This guide provides step-by-step instructions for implementing the VMware vSphere 6.7 STIG in your environment.
The latest updates to the VMware vSphere 6.7 STIG include changes to the following sections:
1. Networking – The updated STIG includes new recommendations for configuring network settings, such as disabling unnecessary network protocols and services, and enforcing strict access controls.
2. User Account Control (UAC) – The STIG now recommends that UAC be enabled for all users to enhance the security of the operating system.
3. Security Settings – The updated STIG includes new recommendations for configuring security settings, such as disabling unnecessary services and applying the latest security patches.
4. System Management – The STIG now provides updated guidance on managing system components, such as the vSphere Client and the ESXi shell.
As usual with new releases of the DISA STIGs for VMware vSphere, I have updated my compliance alert content for vRealize Operations to include the latest changes as applicable to objects and settings monitored by vRealize Operations. You can download the vSphere 6.7 STIG compliance content from the Downloads page.
The VMware vSphere 6.7 STIG can be downloaded from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 6.7”. To stay informed of future updates and releases, you can search for “VMware vSphere” in the STIGs Document Library and select the “Subscribe” option to receive email notifications when new content becomes available.
In conclusion, the third update to the VMware vSphere 6.7 STIG includes minor changes and enhancements that are designed to improve the security and compliance of virtualized environments. By staying informed of these updates and implementing them in your environment, you can help ensure the security and integrity of your virtual infrastructure.