STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide

V-240937

CAT I (High)

The vAMI must not contain any unnecessary functions and only provide essential capabilities.

Rule ID

SV-240937r879587_rule

STIG

VMware vRealize Automation 7.x vAMI Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000381

Discussion

Application servers provide a myriad of differing processes, features and functionalities. Some of these processes may be deemed to be unnecessary or too unsecure to run on a production DoD system. Application servers must provide the capability to disable or deactivate functionality and services that are deemed to be non-essential to the server mission or can adversely impact server performance, for example, disabling dynamic JSP reloading on production application servers as a best practice.

Check Content

Review the vAMI directories and files.

Determine if there are any tutorials, examples, or sample code.

If any tutorials, examples, or sample code is present, this is a finding.

Fix Text

Remove all tutorials, examples, and sample code.