← Back to VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide

V-240963

CAT II (Medium)

The vAMI sfcb server certificate must only be accessible to authenticated system administrators or the designated PKI Sponsor.

Rule ID

SV-240963r879885_rule

STIG

VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-002450

Discussion

An asymmetric encryption key must be protected during transmission. The public portion of an asymmetric key pair can be freely distributed without fear of compromise, and the private portion of the key must be protected. The application server will provide software libraries that applications can programmatically utilize to encrypt and decrypt information. These application server libraries must use NIST-approved or NSA-approved key management technology and processes when producing, controlling, or distributing symmetric and asymmetric keys.

Check Content

At the command prompt, execute the following command:

ls -l /opt/vmware/etc/sfcb/server.pem

If permissions on the certificate file is not -r--r----- (440), this is a finding.

Fix Text

At the command prompt, enter the following command:

chmod 440 /opt/vmware/etc/sfcb/server.pem