VCF Operations and the DISA Regulatory Benchmark
- Brock Peterson

- Dec 13, 2025
We've discussed Security and Compliance a few times before:
This blog will focus on the DISA Security Standards Regulatory Benchmark. Screenshots here are taken from Operations 8.18.5.

Out of the box, none of the Regulatory Benchmarks are activated. To activate them you select ACTIVATE FROM REPOSITORY which will install the Management Pack. Once installed you enable them by selecting ENABLE, which will enable the Alerts/Symptoms in the Policy/s you choose. Enablement will initiate an initial assessment and within minutes you'll know if your environment is Compliant or not.
As you can see, in my lab I have 21 Non-Compliant objects. Let's explore. Clicking on the DISA Security Standards tile will give us this.

I have 15 non-compliant ESXi Hosts and 6 non-compliant VMs. To see the details click on the Alert link in blue.

This will take you to the ESXi Host Alerts page, showing the Alert and the Symptoms triggering it. These Symptoms are the DISA Benchmarks being violated. I won't list all of them, but here are a few:
The welcome message is not configured, which you can confirm by looking at the property itself:

SSH is running, which you can confirm by looking at that property:

Maximum failed login attempts is not set to the recommended value (which is 3):
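
To cross-check these three properties outside Operations, the following PowerCLI script reads them from each host and lists the findings. It is an added example, not from the original post or the Management Pack. It assumes that the standard ESXi settings `Annotations.WelcomeMessage` and `Security.AccountLockFailures` and the `TSM-SSH` service are the properties behind these Symptoms; the sample host names are constructed.

```powershell
# Added example. Setting and service names are standard ESXi ones; that they are
# the properties behind the Symptoms shown above is an assumption.
$RecommendedLockout = 3   # recommended value stated in the post

# Live collection: needs VMware PowerCLI and an existing Connect-VIServer session.
function Get-HostState($VMHost) {
    $ssh = Get-VMHostService -VMHost $VMHost | Where-Object Key -eq 'TSM-SSH'
    [pscustomobject]@{
        Name           = $VMHost.Name
        WelcomeMessage = (Get-AdvancedSetting -Entity $VMHost -Name 'Annotations.WelcomeMessage').Value
        SshRunning     = $ssh.Running
        LockFailures   = (Get-AdvancedSetting -Entity $VMHost -Name 'Security.AccountLockFailures').Value
    }
}

# Evaluate one host state against the three checks discussed above.
function Test-HostState($State) {
    $findings = @()
    if ([string]::IsNullOrWhiteSpace($State.WelcomeMessage)) {
        $findings += 'welcome message not configured'
    }
    if ($State.SshRunning) {
        $findings += 'SSH is running'
    }
    if ([int]$State.LockFailures -ne $RecommendedLockout) {
        $findings += "max failed logins is $($State.LockFailures), expected $RecommendedLockout"
    }
    [pscustomobject]@{
        Host      = $State.Name
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings -join '; '
    }
}

# Constructed sample states (hypothetical hosts), used when no vCenter session exists.
$sample = @(
    [pscustomobject]@{ Name = 'esx-a.example'; WelcomeMessage = ''; SshRunning = $true; LockFailures = 5 }
    [pscustomobject]@{ Name = 'esx-b.example'; WelcomeMessage = 'Authorized use only'; SshRunning = $false; LockFailures = 3 }
)

$states = if ($global:DefaultVIServer) {
    # Skip hosts that cannot answer queries (disconnected or not responding).
    Get-VMHost | Where-Object ConnectionState -in 'Connected', 'Maintenance' |
        ForEach-Object { Get-HostState $_ }
} else { $sample }

$states | ForEach-Object { Test-HostState $_ } | Format-Table -AutoSize
```

With the constructed sample, `esx-a.example` is reported with all three findings and `esx-b.example` as compliant.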

For a list of all DISA-related Alerts you can look at the Alert Definitions.

To see the Symptom/s defining each Alert, select it.

Each of the Symptoms will map to a standard defined by DISA. To find all Symptoms defined by the DISA Compliance Pack go here.

We can add/remove/change any of these to meet your DISA requirements. Of course we can Notify on these Alerts as well, be that a simple email or an Incident generated in ServiceNow. Hope this was helpful!