The U.S. Department of Defense (DOD), Defense Information Systems Agency (DISA), develops configuration standards known as Security Technical Implementation Guides (STIGS) as one of the ways to maintain the security of DOD IT infrastructure. These guides provide technical guidance to lock down information systems and/or software that might otherwise be vulnerable to an attack. Dell offers manual and automated steps for configuring VxRail to comply with DoD Information Network (DISA) STIG requirements.
Download the required VxRail STIG Hardening Package from the Dell support website (see the download link in the References section). Access to these documents depends on your login credentials. If you do not have access to a document, contact your Dell Technologies representative.
The components of the System Under Hardening (SUH) and STIGs that are covered by this guidance are described in the following table. See the VxRail STIG Assessment Index file for full details of coverage.
The following table lists the SUH and STIGs components:
SUH components | Coverage | Tested DISA STIGs |
VxRail and HCI system software | 7.0.131 or later | The SUH is based on VxRail 7.0.x only. |
VxRail Manager | Full | Application Security Development STIG v5, Release1 Application Server SRG v3, Release 1 SUSE Linux Enterprise Server (SLES) 12 STIG v2, Release 3 SUSE Linux Enterprise Server (SLES) 15 STIG v1, Release 2 |
VxRail Node | VMware ESXi only | VMware vSphere 7.0 ESXi draft STIG |
VMware vCenter Server | VxRail-managed VMware vCenter Server | VMware vSphere 7.0 vCenter draft STIG |
VxRail deployed VMs | Any deployed VM | VMware vSphere 7.0 Virtual Machine draft STIG |