U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

ESXi 5 Server STIG Version 2, Release 1 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
VMware ESXi 5.0 cpe:/o:vmware:esxi:5.0 (View CVEs)
VMware ESXi 5.0 Update 1 cpe:/o:vmware:esxi:5.0:1 (View CVEs)
VMware ESXi 5.0 Update 2 cpe:/o:vmware:esxi:5.0:2 (View CVEs)
VMware ESXi 5.1 cpe:/o:vmware:esxi:5.1 (View CVEs)

Checklist Highlights

Checklist Name:
ESXi 5 Server STIG
Checklist ID:
455
Version:
Version 2, Release 1
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
01/24/2017

Checklist Summary:

This ESXi 5 Technology Overview, along with the general-purpose Operating System (OS) Security Requirements Guide (SRG), the Operating System (OS) Security Requirements Guide (SRG) (UNIX Version), the VMware vSphere 5 Security Hardening Guide, and associated MS Windows Server 2008 R2 Security Technical Implementation Guides (STIGs), provides the technical security policies, requirements, and implementation details for applying security concepts to this UNIX-like hypervisor. The VMware vSphere 5 Security Hardening Guide contains product-specific, best-practices requirements for the VMware ESXi Version 5 Hypervisor. This hardening guide describes the ESXi 5 built-in security features, and the measures to safeguard ESXi 5 from attack. This hardening guide may be used to secure the vSphere 5 environment for VMware vCenter Server 5 and VMware ESXi 5. The VMware ESXi 5 Security Technical Implementation Guide may be used as a guide for enhancing the security configuration of the ESXi 5 Server system, including the server's Virtual Machines and Virtual networking components. The security requirements contained within the OS SRG, OS SRG (UNIX Version), the vSphere 5 Security Hardening Guide, and the UNIX STIGs are applicable to all DoD-administered systems and all systems connected to DoD networks. The SRGs, vSphere 5 Security Hardening Guide, and STIGs provide requirements and associated procedures to reduce the security vulnerabilities of UNIX systems. These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls in a UNIX environment. This ESXi 5 Technology Overview document introduces security concepts and terminology used in the general-purpose Operating System (OS) Security Requirements Guide (SRG), the OS SRG (UNIX Version), and the UNIX STIGs. This document is not a guide to UNIX, UNIX-like, or VMware ESXi 5 system administration. From this point on, any reference to UNIX will also include UNIX-like operating systems as well. The VMware vCenter Server Security Technical Implementation Guide may be used as a guide for enhancing the security configuration of the vCenter Server system, including the vSphere Update Manager.

Checklist Role:

  • Operating System
  • Virtualization Server

Known Issues:

Not provided.

Target Audience:

These requirements are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls in a UNIX environment.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

The VMware vSphere 5 Security Hardening Guide contains product-specific, best-practices requirements for the VMware ESXi Version 5 Hypervisor.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1 and 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided.

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History:

Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 4 - 24 January 2014
Version 1, Release 3 - 27 September 2013
Version 1, Release 2 - 17 September 2013
Version 1, Release 1 - 17 July 2013
Version1, Release 5 - 30 October 2014
Updated status to Final - 07 January 2015
Version 1, Release 6 - 26 January 2015
Version 1, Release 8 - 29 October 2015
Changed status from "Under Review" to "Final" - 17 December 2015
4/28/2016 - Version 1, Release 9
moved to FINAL - 6/7/2016
Updated to v1, r10 - 01/27/2017
Updated to FINAL - 03/08/2017
null
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/14/19
sunset per DISA - 10/29/2021

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 10/29/2021