Please provide your feedback in this short Flings' survey.
Jun 21, 2021

Is there any movement on making the 7.0 version Production ready?

Jun 22, 2021

Hi Joe there are no plans to productize the VIB but to eliminate the need for it by enabling programmatic access to the settings that do not have it.

Jun 22, 2021

I dont see a valid STIG to check with the cyber mill to check against. Just trying to see how to get it prod approved :)

Jun 08, 2021

Is there a timeline on the 7.0.2 version? We are building out a new environment and the 7.0.1 version does not seem to work as it is not setting any of the STIG settings on a 7.0.2 host.

Jun 08, 2021

Hi Justin the 7.0 VIB should only update the sshd_config file. Are you seeing that not updated at all?

Jun 08, 2021

There are some setting that are good. However, these settings are not being updated:

GSSAPIAuthentication no
GSSAPIAuthentication no
MaxSessions 1

Will this be updated to do most of the STIG settings? Or will it not be until an actual 7 checklist comes out?

May 28, 2022

Yes, I just applied the 7.0 STIG VIB to one of my ESXi 7 hosts and noticed "KerberosAuthentication no" also seems to be missing.

One thing I am also noticing is that after applying the VIB I can no longer access SSH even when turning the service on. I get immediately rejected, no login prompt. SSH was working fine beforehand. I have not yet tried to remove the VIB and see if connectivity is restored. Wondering if anyone else was seeing this behavior.

Jun 08, 2021

Ok so the 7.0 VIB was created against a draft of our 7.0 STIG and the settings will be different from the 6.5 or 6.7 STIGs. GSSAPIAuthentication for example is a deprecated option in the ssh version ESXi 7.0 is running.

May 20, 2021

Hi - I see that the GitHub code base has been updated for the official DoD 6.7 v1r1 STIG which released a few weeks ago. In looking at the changelog for the 6.7 VIB it doesn't seem like the VIB has been updated yet to reflect these changes. Can you please confirm if the vmware_dod_stig_vibs_6.7_1.0.0.zip VIB is written to cover the new DoD 6.7 STIG v1r1?

Thanks!

Jun 02, 2021

Hi Jay. Yes with the exception of the ciphers list it covers the 6.7 STIG V1R1. The ciphers will be updated in the next revision of the STIG which will then match the VIB.

May 11, 2021

On the New 6.7 DOD STIG there is a requirement to add MaxSessions 1

We are fully Vsphere 7 and don't see an option to add this without removing the entire VIB

Is there any knowledge that this stig was deprecated??

Jun 02, 2021

Hi Roger. We removed MaxSessions from the 7.0 content after doing a review of this setting and found it to be of no value.

May 11, 2021

Hi Roger. The 7.0 VIB is based on our draft vSphere STIG content and will not always align to the 6.7 content and this particular setting has been removed in our 7.0 content.