
V-258945

CAT II (Medium)

The vCenter Server must use unique service accounts when applications connect to vCenter.

Rule ID

SV-258945r961863_rule

STIG

VMware vSphere 8.0 vCenter Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

To preserve nonrepudiation (i.e., so that the identity of who is connecting to vCenter cannot be denied), applications that need to connect to vCenter must use unique service accounts.

Check Content

Verify each external application that connects to vCenter has a unique service account dedicated to that application.

For example, there should be separate accounts for Log Insight, Operations Manager, or anything else that requires an account to access vCenter.

If any application shares a service account that is used to connect to vCenter, this is a finding.
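One way to support this check with session data, as an added example that is not part of the STIG: the script groups exported vCenter session records by account and lists accounts seen from more than one source address or client user agent. The CSV layout, the account names, and the `find_shared_accounts` helper are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are an assumption, modeled on the
# userName, ipAddress and userAgent fields of the vSphere API UserSession object.
SAMPLE_SESSIONS = r"""UserName,IpAddress,UserAgent
VSPHERE.LOCAL\svc-loginsight,10.0.5.21,constructed-loginsight-client
VSPHERE.LOCAL\svc-loginsight,10.0.5.21,constructed-loginsight-client
VSPHERE.LOCAL\svc-vrops,10.0.5.30,constructed-vrops-client
VSPHERE.LOCAL\svc-shared,10.0.5.40,constructed-backup-client
vsphere.local\SVC-Shared,10.0.5.41,constructed-monitoring-client
VSPHERE.LOCAL\Administrator,10.0.9.5,constructed-browser
VSPHERE.LOCAL\Administrator,10.0.9.6,constructed-browser
"""


def find_shared_accounts(csv_text, ignore=()):
    """Return accounts seen from more than one source IP or client user agent.

    These are candidates for manual review, not confirmed findings: a clustered
    application can legitimately connect from several addresses.
    """
    skip = {name.lower() for name in ignore}
    seen = defaultdict(lambda: {"ips": set(), "agents": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        account = row["UserName"].strip().lower()  # compare names case-insensitively
        if not account or account in skip:
            continue
        seen[account]["ips"].add(row["IpAddress"].strip())
        seen[account]["agents"].add(row["UserAgent"].strip())
    return {
        account: {"ips": sorted(v["ips"]), "agents": sorted(v["agents"])}
        for account, v in seen.items()
        if len(v["ips"]) > 1 or len(v["agents"]) > 1
    }


if __name__ == "__main__":
    # Interactive administrator logins are excluded; the check concerns application accounts.
    flagged = find_shared_accounts(SAMPLE_SESSIONS, ignore=[r"VSPHERE.LOCAL\Administrator"])
    for account, clients in flagged.items():
        print(account, clients["ips"], clients["agents"])
```

An account that appears here still needs to be confirmed against the list of applications configured to use it before it is recorded as a finding.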

Fix Text

For applications sharing service accounts, create a new service account to assign to the application so that no application shares a service account with another.

When standing up a new application that requires access to vCenter, always create a new service account prior to installation and grant only the permissions needed for that application.