The Defense Information Systems Agency (DISA) Security Standards ensure the protection of the Department of Defense's IT systems. These standards, known as Security Technical Implementation Guides (STIGs), provide detailed guidelines for securing various components. STIGs are regularly updated to address new threats and technological changes. Compliance with these standards is mandatory for all DoD systems and contractors. DISA also offers tools and resources to help organizations implement these security measures effectively. Aria Operations supports DISA Compliance Pack for assessing vSphere resources.

The Aria Operations Compliance Pack for Defense Information Systems Agency (DISA) Security Standards is updated to the following version in Aria Operations 8.18:

• VMware vSphere 7.0 Version 1 Release 2: 26 July 2023
• VMware vSphere 8 Version 1 Release 1: 03 November 2023

Attached to this article is DISA_Controls_vSphere_ver7x_ver8x.xlsx; which contains the details of the conditions implemented in Aria Operations 8.18 and is based on the above mentioned versions of the benchmark. The list also has the details of manual controls where conditions are excluded from automated assessment. This list of controls can be used to perform manual checks on your vSphere environments.