Photo credit: @_stump
There are a lot of abbreviations in this title, so I will give a very brief rundown of what it all means and why some of you should care.
In the public sector, our systems are hardened (locked down) a bit more drastically than in a traditional private company. Simply deploying a fresh copy of Windows from ISO is prohibited unless strictly spelled out in your lab environment. The governing body that regulates these mandatory compliance settings is known as the Defense Information Systems Agency, or DISA for short. They work closely with the product teams to ensure that when said product is deployed onto a network, it is as secure as possible while still maintaining functionality. The guides that spell out these settings are known as STIGs, or Security Technical Implementation Guides.
With DISA approving the NSX STIGs, VMware’s NSX becomes the first software-defined network solution to have DISA-approved STIGs.
Now, as anyone who has deployed STIGs knows, sometimes the settings within them have a tendency to break previous functionality. With that said, take your time, test everything as you implement, and don’t be afraid to take note of any exemptions your project may need to adjust. Work closely with your ISSOs and document everything up front, as it will save you pain as you go along.
Here are direct links to the zips for the STIGs above:
VMware NSX STIG Overview, Version 1
VMware NSX Manager STIG, Version 1
VMware NSX Distributed Firewall STIG, Version 1
VMware NSX Distributed Logical Router STIG, Version 1