Guidelines are grouped in “Risk Profiles”. Risk Profiles indicate the relative increase in security provided by the guidelines. In some cases, the default values are sufficient and the check is an audit to ensure that the value is correct. In others, it’s a new or different value.
What are left are the things that can be checked via APIs, CLIs and other tools for attestable values. This, in no way, lessens their importance! However, each one of these will generally be specific to your environment and as such require conversations with your security professionals and your auditors on implementation details and attestation. Instead, they rely on an individual signing off that they are done correctly. Consider the example of “Run your vCenter and ESXi management interfaces on a separate management network” as something that meets each of these bullet points. For the vSphere 6.0 Hardening Guide, the “operational” or “best practices” guidelines have been moved to vSphere Security documentation.
They can be addressed or mitigated in many ways. Operational guidelines present unique challenges. Programmatic Guidance – Set this value to “True”. Operational guidance – How you use the product. Separation of programmatically configured and testable “settings” from operational guidance. The intent of this article is to go over some of the major changes that come with the new 6.0 guide prior to its release. A goal of the vSphere 6.0 Hardening Guide is to make the guide easier to implement and assess. Version 6.0 of the vSphere Hardening Guide is the next step in the evolution of the guide. Hardening Guides are an industry recognized method of implementing stricter security to meet regulatory and local security standards above and beyond frameworks like Common Criteria. These organizations map compliance guidelines with vSphere Hardening Guide guidelines. The vSphere Hardening Guide also serves as a foundation upon which regulatory compliance objectives are built.
The vSphere Hardening Guide provides guidance on how to securely deploy VMware vSphere in a production environment.