Commit 74442cb

Merge pull request vmware#295 from vmware/q2-2025-disa-updates
updates for q2 2025 quarterly disa release
2 parents 629b449 + fbe2cd3 commit 74442cb

1,269 files changed

+87475
-56
lines changed

vsphere/7.0/README.md

Lines changed: 32 additions & 31 deletions
@@ -3,37 +3,38 @@
33
## Compatibility
44
The table below provides supported interoperability between product and STIG versioning. Application of STIG content outside interoperable versions is not supported.
55

6-
| Version | V1R1* | V1R2* | V1R3* | V1R4* | V1R1 | V1R2 | V1R3 |
7-
|:-----------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
8-
| `7.0 U2` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
9-
| `7.0 U2a` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
10-
| `7.0 U2b` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
11-
| `7.0 U2c` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
12-
| `7.0 U2d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
13-
| `7.0 U3` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
14-
| `7.0 U3a` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
15-
| `7.0 U2c` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
16-
| `7.0 U2d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
17-
| `7.0 U3` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
18-
| `7.0 U3a` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
19-
| `7.0 U3c` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
20-
| `7.0 U3d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
21-
| `7.0 U3e` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
22-
| `7.0 U3f` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
23-
| `7.0 U3g` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
24-
| `7.0 U3h` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
25-
| `7.0 U3i` | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
26-
| `7.0 U3j` | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
27-
| `7.0 U3k` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
28-
| `7.0 U3l` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
29-
| `7.0 U3m` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
30-
| `7.0 U3n` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
31-
| `7.0 U3o` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
32-
| `7.0 U3p` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
33-
| `7.0 U3q` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
34-
| `7.0 U3r` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
35-
| `7.0 U3s` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
36-
| `7.0 U3t` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
6+
| Version | V1R1* | V1R2* | V1R3* | V1R4* | V1R1 | V1R2 | V1R3 | V1R4 |
7+
|:-----------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|:------------------:|
8+
| `7.0 U2` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
9+
| `7.0 U2a` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
10+
| `7.0 U2b` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
11+
| `7.0 U2c` | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
12+
| `7.0 U2d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
13+
| `7.0 U3` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
14+
| `7.0 U3a` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
15+
| `7.0 U2c` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
16+
| `7.0 U2d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
17+
| `7.0 U3` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
18+
| `7.0 U3a` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
19+
| `7.0 U3c` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
20+
| `7.0 U3d` | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: |
21+
| `7.0 U3e` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
22+
| `7.0 U3f` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
23+
| `7.0 U3g` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
24+
| `7.0 U3h` | :x: | :x: | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
25+
| `7.0 U3i` | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
26+
| `7.0 U3j` | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
27+
| `7.0 U3k` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
28+
| `7.0 U3l` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
29+
| `7.0 U3m` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
30+
| `7.0 U3n` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
31+
| `7.0 U3o` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
32+
| `7.0 U3p` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
33+
| `7.0 U3q` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
34+
| `7.0 U3r` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
35+
| `7.0 U3s` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
36+
| `7.0 U3t` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
37+
| `7.0 U3u` | :x: | :x: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
3738

3839
> [!NOTE]
3940
> - \* Denotes STIG Readiness Guide
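
Review bot: rows 15 to 18 of the new table repeat `7.0 U2c`, `7.0 U2d`, `7.0 U3` and `7.0 U3a` from rows 11 to 14, and the two `7.0 U2c` rows disagree (row 11 marks `V1R1*`, row 15 marks `V1R2*`). The duplicates are carried over unchanged from the old table; since every row is rewritten here to add the `V1R4` column, this is the place to drop rows 15 to 18 and settle which readiness guide release `7.0 U2c` maps to. The new `V1R4` column itself is consistent with `V1R1` to `V1R3`: checked from `7.0 U3i` onward, including the added `7.0 U3u` row.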

vsphere/7.0/docs/README.md

Lines changed: 2 additions & 1 deletion
@@ -33,7 +33,8 @@ For information on support for STIGs see: https://knowledge.broadcom.com/externa
3333
|:-----------------:|:------------------:|:------------------:|:------------------:|
3434
| `V1R1` | Official STIG | 2023/03/15 |[U_VMW_vSphere_7-0_Y23M03_STIG.zip](U_VMW_vSphere_7-0_Y23M03_STIG.zip)|
3535
| `V1R2` | Official STIG | 2023/07/26 |[U_VMW_vSphere_7-0_Y23M07_STIG.zip](U_VMW_vSphere_7-0_Y23M07_STIG.zip)|
36-
| `V1R3` | Official STIG | 2024/01/22 |[U_VMW_vSphere_7-0_Y24M01_STIG.zip](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y24M01_STIG.zip)|
36+
| `V1R3` | Official STIG | 2024/01/22 |[U_VMW_vSphere_7-0_Y24M01_STIG.zip](U_VMW_vSphere_7-0_Y25M01_STIG.zip)|
37+
| `V1R4` | Official STIG | 2024/01/22 |[U_VMW_vSphere_7-0_Y25M04_STIG.zip](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y25M04_STIG.zip)|
3738

3839

3940
## Viewing
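
Review bot: on line 36 the `V1R3` link text still reads `U_VMW_vSphere_7-0_Y24M01_STIG.zip` but the target is now `U_VMW_vSphere_7-0_Y25M01_STIG.zip`, so the label and the file it points at disagree; one of the two is a typo, and the 2024/01/22 date in the same row suggests the target should be the `Y24M01` file. On line 37 the new `V1R4` row reuses the 2024/01/22 date from `V1R3` while its file name is `Y25M04`; please confirm the date for this release. Line 37 also links to dl.dod.cyber.mil where the other rows now point at files in the repository, so it is worth choosing one convention for all four rows.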
Lines changed: 7 additions & 0 deletions
@@ -0,0 +1,7 @@
1+
# vCenter Server Appliance
2+
3+
## Overview
4+
The vCenter Server Appliance (VCSA) is vCenter as you know it but delivered without the dependency on Windows Server. The bundle includes a Linux operating system, a number of web servers and a database, as illustrated below. The green boxes are in scope of this STIG while the vCenter application itself is addressed separately.
5+
6+
7+
<img src="https://github.com/vmware/dod-compliance-and-automation/blob/master/vsphere/7.0/vcsa/Diagram.png" width="484" height="457">
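
Review bot: the `<img>` on line 7 points at an absolute `blob/master` URL, so the diagram is tied to whatever is on `master` rather than to the revision being read, and it has no `alt` text even though the overview on line 4 depends on it to define scope ("The green boxes are in scope of this STIG"). A path relative to this README plus an `alt` attribute naming the in-scope components would keep the scope statement readable when the image does not load.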
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
---
2+
3+
rules:
4+
line-length:
5+
max: 280
6+
level: warning
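
Review bot: with `level: warning` on line 6 and no `extends:` key, this config (assuming it is the yamllint config for the playbook) only ever warns on lines longer than 280 characters and enables no other rule. If the intent is the default rule set with a relaxed line length, add `extends: default` above `rules:`; a short comment on why 280 was chosen would also help the next maintainer.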
Lines changed: 55 additions & 0 deletions
@@ -0,0 +1,55 @@
1+
# Change Log
2+
3+
## [7.0 Version 1 Release 1] (2023-07-26)
4+
5+
#### Release Notes
6+
- Fixed vami backup not working as intended with identical file names
7+
- Updated playbook.yml Photon vars
8+
- Renamed example vars file and removed vars file for older VCSA versions
9+
- VCLU-70-000007 enabled task again by default and updated user/group/permissions being set
10+
- VCST-70-000006 updated task to account for new line in check text
11+
- VCUI-70-000007 updated task to match new check text
12+
- VCLD-70-000007 updated task to match new check text
13+
14+
## [7.0 Version 1 Release 1] (2023-03-15)
15+
16+
#### Release Notes
17+
- No changes for official STIG V1R1 release
18+
19+
## [7.0 Version 1 Release 4] (2022-10-28)
20+
21+
#### Release Notes
22+
- VCPG-70-000003 Updated group to reflect new group used for vPostgres
23+
- VCPG-70-000005 Updated group to reflect new group used for vPostgres
24+
- VCPG-70-000012 Updated group to reflect new group used for vPostgres
25+
- PHTN-30-000039 Excluded in favor of configuring syslog in the VAMI
26+
- PHTN-30-000058 Excluded in favor of configuring ntp in the VAMI
27+
- VCPF-70-000017 Updated check to accomodate new service permission defaults
28+
- VCUI-70-000007 Updated
29+
- Misc typo fixes
30+
31+
## [7.0 Version 1 Release 3] (2022-04-29)
32+
33+
#### Release Notes
34+
- Ansible lint corrections
35+
- Profile now pulls Photon content from the Photon source repo instead of a copy here
36+
- Reworked PostgreSQL tasks to not edit config file and instead set values through psql
37+
- VCEM-70-000017 Updated owner and group
38+
- VCLU-70-000007 Updated permissions to 640
39+
- VCPF-70-000029 fix updated to match updates to log4j properties
40+
- VCUI-70-000005 Updated log pattern
41+
- VCUI-70-000017 Updated owner and group
42+
- VCLD-70-000056 Added control
43+
44+
#### Known Issues
45+
- Some versions of vCenter may ship with "FipsMode yes" twice in the sshd_config. When the playbook adds the ciphers option this may cause sshd to not start because it requires the ciphers option to be after FipsMode.
46+
47+
## [7.0 Version 1 Release 2] (2021-09-15)
48+
49+
#### Release Notes
50+
- Content updates for check/fix text in various controls
51+
52+
## [7.0 Version 1 Release 1] (2021-03-05)
53+
54+
#### Release Notes
55+
- Initial release
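
Review bot: the heading on line 3, `[7.0 Version 1 Release 1] (2023-07-26)`, duplicates the release name used on line 14; the docs README in this same commit lists 2023/07/26 as `V1R2`, so line 3 should read Release 2. The 2021 and 2022 entries (lines 19 to 55) reuse "Version 1 Release 1" through "Release 4" for what appear to be the readiness guide releases that the compatibility table marks `V1R1*` to `V1R4*`; labelling those headings as STIG Readiness Guide would remove the ambiguity with the official releases. Smaller points: "accomodate" on line 27 should be "accommodate", and the `VCUI-70-000007 Updated` entry on line 28 does not say what was updated.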
