Versions Compared

Old Version 4

changes.mady.by.user Allan Cornwell

Saved on

compared with

New Version Current

changes.mady.by.user Amanda McGown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Product Name

CIS-CAT Pro Assessor v4

Product Versionany

v4.x.x+

Date

31 Jul

Problem

An ESXi host is placed into Lockdown Mode as per the following L1/L2 Benchmark Recommendations:

Once applied, the CIS-CAT Pro Assessor tool can no longer perform a remote assessment against the target.

Solution

Add the root user (or other applicable ESXi scan user account) to the Exception Users list as outlined in the following Recommendation:

If using a non-root account, the user must also be explicitly added to the DCUI.Access list:

This will then exempt the scan user from Lockdown mode restrictions, allowing an assessment to be conducted. For additional guidance on ESXi assessments using CIS-CAT Pro Assessor, please refer to the following Quick Start Guide:
Quick Start Guide: ESXi Assessment using GUI (Windows)

Keywords; ESXi Lockdown Mode root exception Assessor scan

Content by Label

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel = "sbp_fer"

Copyright © 2024

Center for Internet Security®

Privacy Policy

Page Properties
hiddentrue

Action

Name(s)

Date

Linked ticket

Jira Legacy
serverSystem Jira
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-36157

Created by

Allan Cornwell

Reviewed by

SBP Product Technical Support Team (Amanda McGown Allan Cornwell Andrew Dannenberger Nick Romanzo )

Approved by

support

Remove by