Quick Start Guide: ESXi Assessment using GUI (Windows)

Overview

This guide will walk through conducting an ESXi version 6.7, 7.0, or 8.0 Benchmark assessment using the CIS-CAT Pro Assessor v4 GUI (Windows only). Assessor utilizes components of VMware PowerCLI to validate settings and gather information during the scan.

For more information on this process, please refer to the Configuration Guide:
https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#vmware-esxi-assessment

Requirements

Implementation Steps

1

Verify PowerCLI is installed before running CIS-CAT Pro Assessor v4 (see above).

2

Launch Assessor-GUI.exe as Administrator (right-click -> “Run as administrator”).

3

Select the “Advanced” → “Add Remote or Local Target System” option:

 

4

In the following screen, enter the required prompts.

  • Fill in the “Target System Name” (cannot start with a number, contain spaces or special characters). This entry does not need to match the ESXi hostname and is used for reporting only.

  • Set the “Target System Type” to “Local”

This choice may be counterintuitive (as the target ESXi host is not local),
but is required as the assessment itself is carried out via PowerShell from the local host.

  • Under “Benchmarks”, choose the applicable Benchmark (either ESXi 6.7, 7.0, or 8.0)
    as well as your desired Profile level (L1 or L2), then select “Add”.

5

You will be prompted for a connection string to your ESXi host.

Enter your ESXi username (such as root), followed by / and the password, and finally the connection IP or hostname after the @ character. Example:
root/mysecurepassword@192.168.41.60

Select “OK“ followed by “Save” in the bottom right to proceed to the next screen.

6

Review your settings and choose “Next” (no connection test is necessary for this assessment).

7

Under “Report Output Options”, select your desired reporting formats (HTML is recommended) and choose “Next” to launch the ESXi assessment.

CLI & Troubleshooting Steps

For details on running an ESXi assessment via CLI instead, please refer to this KB article:
How to use CIS-CAT Pro Assessor v4 to assess VMWare ESXi

If the final report returns “Unknown” results for each Recommendation, or you encounter Certificate or other connectivity errors, please refer to the following troubleshooting articles:

Getting Unknown Results on ESXi Assessment

ESXi Certificate issues

Cannot connect to ESXi Target for Assessment

For continued issues with ESXi assessments, please open a ticket with CIS Product Support including the following information and INFO-level log files:

Diagnostic / debug information to troubleshoot CIS-CAT Pro Assessor v4 issues.

 


 

Copyright © 2024 Center for Internet Security® Privacy Policy