The following Information Systems Agency (DISA) Field Security Operations (FSO) and Department of Defense (DoD) white paper virtualization white paper will assist you in meeting the minimum requirements, standards, controls, and options that must be in place for VMware ESX Server infrastructures.
A core mission for the Defense Information Systems Agency (DISA) Field Security Operations (FSO) is to secure Department of Defense (DoD) Computing systems. The processes and procedures outlined in this Security Technical Information Guide (STIG), when applied, will decrease the risk of unauthorized disclosure of sensitive information. Security is clearly still one of the biggest concerns for our DoD customers, for example, the war fighter.
The requirements set forth in this document will assist Information Assurance Managers (IAM), Information Assurance Officers (IAO/SA), Network Security Officers (NSO), and System Administrators (SAs) in support of protecting DoD Virtual Computing systems.
The Information Operations Condition (INFOCON) for the DoD recommends actions during periods when a heightened defensive posture is required to protect DoD computer networks from attack. The IAO will ensure compliance with the security requirements of the current INFOCON level and will modify security requirements to comply with this guidance. Password length and complexity given throughout this document must be adjusted as needed to comply with INFOCON guidance.
This document contains a set of principles and guidelines that serve as the basis for establishing VMware ESX Server environments within the DoD. This STIG will focus on guidance for the ESX Server.
The policy portions of this STIG are relevant to all ESX Servers connected to either the DoD Unclassified (But Sensitive) Internet Protocol Router Network (NIPRNet) or Secret Internet Protocol Router Network (SIPRNet).
To learn more and to download the above VMware security white paper please visit: VMware ESX Server Security Technical Implementation Guide