Content Support
Support for issues related to content in an Official STIG should be addressed by emailing DISA at: [email protected]
A ticket for the issue must be open in order to update the guidance in a future STIG release. DISA will work with VMware to address any tickets needing content updates as necessary.
Product Support
A support request may be opened in these cases if a valid support agreement is in place.
Content Support
Support for issues related to content in a STIG Readiness Guide should be addressed by emailing: [email protected]
Requests received will be processed on a best effort basis and any needed content updates published in the next content release. In between releases, issues will be documented in a known issues document available in a products folder in this repository.
Product Support
A support request may be opened in these cases if a valid support agreement is in place.
Support for automation examples is community based and provided on a best effort basis.
If an issue is encountered, please check the open and closed issues in the issue tracker for the details of your issue. If you can't find it, or if you're not sure, open a new issue.
A known issues document may also be available for a product and version in that products docs folder.
Before contacting support consider the following:
VMware accepts no liability for the consequences of applying specific configuration settings made on the basis of the SRGs/STIGs. It must be noted that the configuration settings specified should be evaluated in a local, representative test environment before implementation in a production environment, especially within large user populations. The extensive variety of environments makes it impossible to test these configuration settings for all potential software configurations.
For some production environments, failure to test before implementation may lead to a loss of required functionality. Evaluating the risks and benefits to a system’s particular circumstances and requirements is the system owner's responsibility. The evaluated risks resulting from not applying specified configuration settings must be approved by the responsible Authorizing Official.
Furthermore, VMware implies no warranty that the application of all specified configurations will make a system 100 percent secure. Security guidance is provided for the Department of Defense. While other agencies and organizations are free to use it, care must be given to ensure that all applicable security guidance is applied both at the device hardening level as well as the architectural level. Some of the controls may not be configurable in environments outside the DoDIN.