Please provide your feedback in this short Flings' survey.
Jul 28, 2021

Thanks for all the work on the VIBs.. However some of the settings inside the VIB I have to undo so I can support other cyber functions in the tactical space, is there any way to update the VIB? Should I just edit our custom ISO vsphere install and just copy contents out to apply during install? Should I just deploy the VIB and have systems undo the STIGs needed for their systems and document?

Aug 10, 2021

Hi pacificeve,

Please reach out to stigs@vmware.com so we can discuss your scenario and see what we can do to help.

Jun 21, 2021

Is there any movement on making the 7.0 version Production ready?

Jun 22, 2021

Hi Joe there are no plans to productize the VIB but to eliminate the need for it by enabling programmatic access to the settings that do not have it.

Jun 22, 2021

I dont see a valid STIG to check with the cyber mill to check against. Just trying to see how to get it prod approved :)

Jun 08, 2021

Is there a timeline on the 7.0.2 version? We are building out a new environment and the 7.0.1 version does not seem to work as it is not setting any of the STIG settings on a 7.0.2 host.

Jun 08, 2021

Hi Justin the 7.0 VIB should only update the sshd_config file. Are you seeing that not updated at all?

Jun 08, 2021

There are some setting that are good. However, these settings are not being updated:

GSSAPIAuthentication no
GSSAPIAuthentication no
MaxSessions 1

Will this be updated to do most of the STIG settings? Or will it not be until an actual 7 checklist comes out?

May 28, 2022

Yes, I just applied the 7.0 STIG VIB to one of my ESXi 7 hosts and noticed "KerberosAuthentication no" also seems to be missing.

One thing I am also noticing is that after applying the VIB I can no longer access SSH even when turning the service on. I get immediately rejected, no login prompt. SSH was working fine beforehand. I have not yet tried to remove the VIB and see if connectivity is restored. Wondering if anyone else was seeing this behavior.

Jun 08, 2021

Ok so the 7.0 VIB was created against a draft of our 7.0 STIG and the settings will be different from the 6.5 or 6.7 STIGs. GSSAPIAuthentication for example is a deprecated option in the ssh version ESXi 7.0 is running.

May 20, 2021

Hi - I see that the GitHub code base has been updated for the official DoD 6.7 v1r1 STIG which released a few weeks ago. In looking at the changelog for the 6.7 VIB it doesn't seem like the VIB has been updated yet to reflect these changes. Can you please confirm if the vmware_dod_stig_vibs_6.7_1.0.0.zip VIB is written to cover the new DoD 6.7 STIG v1r1?

Thanks!

Jun 02, 2021

Hi Jay. Yes with the exception of the ciphers list it covers the 6.7 STIG V1R1. The ciphers will be updated in the next revision of the STIG which will then match the VIB.