I used the root disable VIB and can't login so assumed I could use root enable to enable root again, but didn't work. My AD account can SSH in but I get access denied editing sshd_config since tied to rrot. Anyway to change this without being at physical box?

I would ssh with your AD account and remove whichever vib is installed and reboot then verify access then try out the root enable one.

Thanks for the reply.
What I am doing wrong?
[DOMAIN\Admin@HOST1:~] esxcli software vib list | grep stig
dod-esxi67-stig-rd 1.0.0-0.1.14639234 VMware VMwareCertified 2020-05-04
[DOMAIN\Admin@HOST1:~] esxcli software vib remove -n dod-esxi67-stig-rd
[NoMatchError]
No VIB matching VIB search specification 'dod-esxi67-stig-rd'.
Please refer to the log file for more details.
[DOMAIN\Admin@HOST1:~]

Just guessing but it maybe have already been removed from when you switched to root enabled and is just pending a reboot to finish.

That was it and I can get back in as root, however I haven't tried to apply RE stig yet.

Thanks for the help.

Just an observation; It's not very obvious what version the "6.5-7_" VIB refers to, it could be read as both "6.5 to 6.7" (which it is) or as "6.7 to 7.0". I realize 7.0 wasn't out when it was published, but now that v7 is released it could be open to misunderstanding.

Good observation. We can probably make a note or fix that on the next update.

By any chance has anyone used this with a vxRail ?

I am hpoing to get a little insight into why there is no STIG specificallyn for VCSA 6.0+ and above? Does the vCenter Appliance already come hardened? Thank you in advance.

Never mind. I saw a previous comment with a link to DISA for asking STIG questions. I sent them this same question.