) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
CIS VMware ESX Server 3.5 Benchmark v1.2.0 Checklist Details (Checklist Revisions)
NOTE
This is not the current revision of this Checklist, view the current revision.
Supporting Resources:
-
Download Prose - CIS VMware ESX Server 3.0 Benchmark v1.0.0
- Center for Internet Security (CIS)
Target:
| Target | CPE Name |
|---|---|
| VMware ESX Server 3.0.0 | cpe:/o:vmware:esx:3.0.0 (View CVEs) |
| VMware ESX Server 3.0.1 | cpe:/o:vmware:esx:3.0.1 (View CVEs) |
| VMware ESX Server 3.0.2 | cpe:/o:vmware:esx:3.0.2 (View CVEs) |
| VMware ESX Server 3.1 | cpe:/o:vmware:esx:3.1 (View CVEs) |
| VMware ESX Server 3.2 | cpe:/o:vmware:esx:3.2 (View CVEs) |
| VMware ESX Server 3.3 | cpe:/o:vmware:esx:3.3 (View CVEs) |
| VMware ESX Server 3.5 | cpe:/o:vmware:esx:3.5 (View CVEs) |
Checklist Highlights
- Checklist Name:
- CIS VMware ESX Server 3.5 Benchmark
- Checklist ID:
- 268
- Version:
- v1.2.0
- Type:
- Compliance
- Review Status:
- Under Review
- Authority:
- Third Party: Center for Internet Security (CIS)
- Original Publication Date:
- 10/01/2007
Checklist Summary:
This document addresses the security aspects of virtual machine technologies and VMware ESX Server 3.x implementations. While these topics cannot be completely separated from the standard security issues of operating a physical computer or basic issues of running the individual operating systems involved, this document?s primary focus is on virtual machine security issues. For this reason, we do not cover all of the steps needed to harden the guest operating systems. The Center for Internet Security has multiple documents, which address guest operating system security recommendations. Recommendations are based on a variety of public sources and input from members of the Center for Internet Security (CIS).
Checklist Role:
- Virtualization Server
Known Issues:
Not provided.
Target Audience:
This document is intended for system administrators, but should be read by anyone responsible for installing and/or configuring Virtual Machines. In the context of this document, a system administrator is defined as someone who can create and manage accounts and groups, understands how operating systems perform access control, understands how to set account policies and user rights, is familiar with auditing and read audit logs, and can configure other similar system-related functionality.
Target Operational Environment:
- Managed
Testing Information:
Section 3 of CIS_VMware_ESX_Server_Benchmark_v1.0.pdf contains "Preconditions".
Regulatory Compliance:
Not provided.
Comments/Warnings/Miscellaneous:
Not provided.
Disclaimer:
Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyone's information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.
Product Support:
http://www.vmware.com/support/
Point of Contact:
cis-feedback@cisecurity.org
Sponsor:
http://www.cisecurity.org/
Licensing:
http://www.vmware.com/support/licensing.html Single-Processor Pricing & Licensing http://www.vmware.com/download/eula/single_processor.html Multi-Core Pricing & Licensing http://www.vmware.com/download/eula/multicore.html
Change History:
Dependency/Requirements:
| URL | Description |
|---|
References:
| Reference URL | Description |
|---|
NIST checklist record last modified on 10/07/2010
* This checklist is still undergoing review for inclusion into the NCP.