U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

ESXi 5 Virtual Machine STIG Version 2 Release 1 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
VMware ESXi 5.0 cpe:/o:vmware:esxi:5.0 (View CVEs)
VMware ESXi 5.0 Update 1 cpe:/o:vmware:esxi:5.0:1 (View CVEs)
VMware ESXi 5.0 Update 2 cpe:/o:vmware:esxi:5.0:2 (View CVEs)
VMware ESXi 5.1 cpe:/o:vmware:esxi:5.1 (View CVEs)

Checklist Highlights

Checklist Name:
ESXi 5 Virtual Machine STIG
Checklist ID:
469
Version:
Version 2 Release 1
Type:
Compliance
Review Status:
Archived
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
07/17/2013

Checklist Summary:

This VMware ESXi Version 5 Virtual Machine (ESXi 5 VM) Technology Overview, along with the ESXi 5 VM STIG, provides the technical security policies, requirements, and implementation details for applying security concepts to virtual machines running under the ESXi Version 5 hypervisor. The VMware vSphere 5 Security Hardening Guide contains product-specific, best-practices requirements for VMware ESXi 5 virtual machines. This hardening guide describes the ESXi 5 virtual machine built-in security features, and the measures to safeguard ESXi 5 virtual machines from attack. This hardening guide may be used to secure the vSphere 5 environment for VMware vCenter Server 5 and VMware ESXi 5. This guide was used as input into this STIG.

Checklist Role:

  • Operating System
  • Virtualization Server

Known Issues:

Not provided.

Target Audience:

The security requirements contained within this STIG are designed to assist Security Managers (SMs), Information Assurance Managers (IAMs), Information Assurance Officers (IAOs), and System Administrators (SAs) with configuring and maintaining security controls for virtual machines in a VMware vSphere environment. This document is not a guide to ESXi 5 VM system administration.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not provided.

Regulatory Compliance:

DoD Directive (DoDD) 8500.1 and 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via email to disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not provided.

Product Support:

Comments or proposed revisions to this document should be sent via email to disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

disa.stig_spt@mail.mil

Sponsor:

Not provided.

Licensing:

Not provided.

Change History: 

Changed status from "Under Review" to "Final" - 03 June 2015
Version 1, Release 2 - 24 January 2014
Version 1, Release 1 - 17 July 2013
Version 1, Release 3 - 26 January 2015
Updated URL to reflect change to the DISA website - http --> https
Updated URLs - 6/14/19
sunset per DISA - 10/29/2021

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 10/29/2021