VMware Cloud Community
R0SE
Contributor
Contributor
‎06-06-2021 06:34 PM
Jump to solution

Is STIG available for ESXi 6.5 and above

Dose VMware have their own STIG tool or application for this or does a third party tool need to be downloaded and installed?

I'm looking for a STIG tool supported by VMware that always me to check how well my ESXi hosts and vCentre are hardened and highlight the risks of each issue found.

Are you able to provide me with links to the appropriate software / application and installation and testing instructions.

 

Kind Regards  

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
nachogonzalez
Commander
Commander
‎06-06-2021 10:51 PM
Jump to solution

In addition to that, vROPs has alerts and dashboards based on best practices and security advisories and you can customize your own and install ones developed by the community. ( for example: VMware ESXi Hardening Dashboard - Samples - VMware {code})
And also, there are some scripts/flings that allow to configure some hardening settings. (For example: VMware vSphere Security Hardening Report Check - Samples - VMware {code})

Please note, except for vROPs that is a tool developed, mantained and sold by VMware, the other options are third party tools. 

Hope that works 

Blog Nachogonzalez.com.ar Twitter @nachogon_

View solution in original post

0 Kudos
3 Replies
nachogonzalez
Commander
Commander
‎06-06-2021 10:47 PM
Jump to solution

I didn't know the term STIG, they say you learn something new every day. 🙂 

Maybe this works VMware vSphere Security Configuration Guide | VMware


Blog Nachogonzalez.com.ar Twitter @nachogon_
Tags (1)
0 Kudos
nachogonzalez
Commander
Commander
‎06-06-2021 10:51 PM
Jump to solution

In addition to that, vROPs has alerts and dashboards based on best practices and security advisories and you can customize your own and install ones developed by the community. ( for example: VMware ESXi Hardening Dashboard - Samples - VMware {code})
And also, there are some scripts/flings that allow to configure some hardening settings. (For example: VMware vSphere Security Hardening Report Check - Samples - VMware {code})

Please note, except for vROPs that is a tool developed, mantained and sold by VMware, the other options are third party tools. 

Hope that works 

Blog Nachogonzalez.com.ar Twitter @nachogon_
0 Kudos
R0SE
Contributor
Contributor
‎06-06-2021 11:45 PM
Jump to solution

Thank you for the update nachogonzalez.

This would be the prefect solution but to expensive for my organisation. All we really need is the "Integrated Compliance checker". 

Basically you a tool that can test what the current vulnerabilities are and report on them.

Thanks

0 Kudos