From VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide
Part of SRG-APP-000315-AS-000094
Associated with: CCI-002314
Application servers provide remote access capability and must be able to enforce remote access policy requirements or work in conjunction with enterprise tools designed to enforce policy requirements. Automated monitoring and control of remote access sessions allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by logging connection activities of remote users. Examples of policy requirements include, but are not limited to, authorizing remote access to the information system, limiting access based on authentication credentials, and monitoring for unauthorized access.
Interview the ISSO and/or the SA. Determine if access credentials for the vAMI are controlled by a site policy. If a site policy does not exist, or is not being followed, this is a finding.
Develop and implement a site procedure to control access credentials for the vAMI.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer