VMware vSphere 6.7 STIGs Released by DISA
On April 22, 2021, the Defense Information Systems Agency (DISA) released the first STIGs for VMware vSphere 6.7, approximately 17 months prior to the end of General Support on October 15, 2022. This release is significant as it provides guidance on securing vCenter Server Appliance (VCSA), ESXi, Virtual Machines, and 8 additional services that exist on the VCSA.
The VMware vSphere 6.7 STIGs are available for download from the Public DoD Cyber Exchange STIGs Document Library by searching for “VMware vSphere 6.7”. The STIGs contain settings and configuration recommendations for securing vCenter Server Appliance (VCSA), ESXi, Virtual Machines, VMware Photon OS, and 8 additional services that exist on the VCSA, including EAM, Perfcharts, PostgreSQL, RhttpProxy, STS, UI, VAMI-lighttpd, and Virgo-Client.
Unlike the previous VMware vSphere 6.5 STIGs, which contained STIGs for vCenter Server for Windows, ESXi, and Virtual Machines, the VMware vSphere 6.7 STIGs release is more comprehensive and includes STIGs for all the additional services that exist on the VCSA. This is a significant improvement, as it provides a more holistic approach to securing vSphere environments.
The STIGs are dated March 9, 2021, and while I haven’t had an opportunity to compare the STIG settings for Photon OS and the 8 additional VCSA services to the settings implemented on VCSA 6.7, I would venture a guess that they will align as VMware and DISA work closely on the creation of these STIGs.
The VMware vSphere 6.7 STIGs ZIP file contains the following:
In conclusion, the release of the VMware vSphere 6.7 STIGs by DISA is a significant development for securing vSphere environments. The comprehensive nature of the STIGs provides guidance on securing all aspects of vCenter Server Appliance (VCSA), ESXi, Virtual Machines, and additional services that exist on the VCSA. Keep in mind that these STIGs are subject to change as new vulnerabilities and threats emerge, so it is crucial to stay up to date with the latest versions to ensure the security of your vSphere environment.