DISA STIG for NSX

If you’ve ever provided IT services on Department of Defense (DoD) computer systems, then you are probably aware of DISA Security Requirements Guides (SRGs), DoD Security Technical Implementation Guides (STIGs), and Security Readiness Review (SRR) Tools.  The SRGs define DoD security requirements for systems, the STIGs provide specific guidelines detailing how a system administrator should configure a system to enable a stronger security posture, and the SRRs provide tools to verify compliance.

DISA provides the SRGs, STIGs and SRRs for a number of platforms including: Operating Systems like Windows, Linux, Mac OS; Networks and Networking Gear; Mobility and Mobile Devices; Applications Software like Oracle, Web Servers, Google’s Search Appliance, etc.  Recently, DISA came out with a STIG specifically for VMware’s NSX network virtualization and security product.  The DISA STIG for NSX provides specific guidance on configuring various components of an NSX environment, including the NSX Manager, Distributed and Edge Routers, and the Distributed Firewall.  By following the STIG for NSX, an administrator is able to create a stronger security posture for NSX.  VMware also distributes a hardening guide for NSX that provides additional fine grain tuning for NSX to make it even more secure.

The VMware hardening guide can be found here.

The DISA STIG for NSX can be found here.