Versions Compared

Old Version 3

changes.mady.by.user Allan Cornwell

Saved on

compared with

New Version Current

changes.mady.by.user Amanda McGown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Product Name

CIS-CAT Pro Assessor v4

Product Versionany

v4.x.x+

Date

31 Jul

Problem

An ESXi host is placed into Lockdown Mode as per the following L1/L2 Benchmark Recommendations:

Once applied, the CIS-CAT Pro Assessor tool can no longer perform a remote assessment against the target.

Solution

Add the root user (or other applicable ESXi scan user account) to the Exception Users list as outlined in the following Recommendation:

If using a non-root account, the user must also be explicitly added to the DCUI.Access list:

This will then exempt the scan user from Lockdown mode restrictions, allowing an assessment to be conducted with the Recommendation settings properly applied. For additional guidance on conducting ESXi assessments using CIS-CAT Pro Assessor, please refer to the following Quick Start Guide:
Quick Start Guide: ESXi Assessment using GUI (Windows)

Keywords; ESXi Lockdown Mode root exception Assessor scan

Content by Label

Filter by label (Content by label)
showLabelsfalse
showSpacefalse
cqllabel = "sbp_fer"

Copyright © 2024

Center for Internet Security®

Privacy Policy

Page Properties
hiddentrue

Action

Name(s)

Date

Linked ticket

Jira Legacy
serverSystem Jira
serverIdb90ca2a8-9df7-3869-89db-c424866c1b16
keySUPPORT-36157

Created by

Allan Cornwell

Reviewed by

SBP Product Technical Support Team (Amanda McGown Allan Cornwell Andrew Dannenberger Nick Romanzo )

Approved by

support

Remove by