System Manager supports Standard, Commercial, and Military Grade security hardening. By default, System Manager comes with a Standard Grade hardening configuration. No additional action is required to set up this configuration.
Each security hardening grade applies specific security attributes as summarized in the following table:
Security attribute |
Standard grade |
Commercial grade |
Military grade |
VM Configuration Hardening1 |
Y |
Y |
Y |
Password Management |
Y |
Y |
Y (more restrictive) |
Login and Session Management |
Y |
Y |
Y |
System and Application Files Hardening |
Y |
Y |
Y |
Certificate Management |
Y |
Y |
Y |
Support TLS 1.3 |
Y |
Y |
Y |
FIPS 140-2 Compliance |
— |
Y |
Y |
Multifactor Authentication (PIV and CAC support) |
Y |
Y |
Y |
SELinux Enabled |
— |
— |
Enforced |
Audit Management |
Y |
Y |
Y (+ OS level audit) |
AIDE (File Tampering Prevention) |
— |
— |
Y |
Fapolicy (File access policy |
— |
— |
Y |
Note:
1: VMware ESXi VMX configuration file hardening applied as part of the Solution Deployment Manager deployment.
|
