You can configure VMware Aria Operations for Logs to ensure STIG (Security Technical Implementation Guide) compliance for better security. This configuration includes the DoD (Department of Defense) consent agreement and additional password policy restrictions.

When you activate STIG compliance, VMware Aria Operations for Logs sends system notifications when:
  • A new user is created or an Active Directory or VMware Workspace ONE Access user logs in for the first time.
  • The allocated log record storage volume reaches 75 percent of the maximum log record storage capacity of the repository. This notification is sent per node.
For more information, see VMware Aria Operations for Logs System Notifications.

Prerequisites

Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://operations-for-logs-host, where operations-for-logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

  1. Expand the main menu and navigate to Configuration > General.
  2. In the Security Technical Implementation Guide pane, perform the relevant actions:
    • Click the DoD Consent Agreement toggle button to display the mandatory DoD consent agreement when a user logs in to VMware Aria Operations for Logs. Select a login message type: a simple message on the login page, a login page with a check box to accept the consent before logging in, or a consent dialog box with a button to accept the DoD consent agreement. Add a consent title and description.

      When the DoD consent agreement is activated, users can see the selected login message type when they log in.

    • Click the Password Policy Restriction toggle button to activate further password restrictions for user accounts and additional rules to lock the accounts.
      If the password policy restriction is activated, the following additional rules are applied to passwords:
      • A password must contain at least 15 characters.
      • A user can change their password only once in 24 hours.
      • When a user changes their password, they cannot use the last five passwords.
      • When a user changes their password, at least eight characters of the new password must be different from the old password.
      If the password policy restriction is activated, a user account is locked if:
      • The user has not logged in to VMware Aria Operations for Logs for 35 days.
      • The user has not changed their password for 60 days.
      Note: Super Admin user accounts are never locked.
  3. Click Save.
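
To preview the effect of the Password Policy Restriction before activating it, the rules listed in step 2 can be modelled offline. The following is an added example, not VMware code. The account record shape, the "User" role name, the PBKDF2 history storage, and the reading of "eight characters different" as characters of the new password that the old one lacks are all assumptions.

```python
import hashlib
import hmac
from collections import Counter
from datetime import datetime, timedelta

MIN_LEN, MIN_DIFF, HISTORY = 15, 8, 5            # values stated on this page
MIN_AGE = timedelta(hours=24)
MAX_IDLE, MAX_PW_AGE = timedelta(days=35), timedelta(days=60)

def pw_hash(password, salt):
    # Assumption: PBKDF2 stands in for the product's unknown password storage.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def change_violations(new, old, history, last_change, now):
    """Rules a password change would break. history: [(salt, hash)], newest last."""
    found = []
    if len(new) < MIN_LEN:
        found.append("min_length")
    if now - last_change < MIN_AGE:
        found.append("min_age")
    if any(hmac.compare_digest(pw_hash(new, s), h) for s, h in history[-HISTORY:]):
        found.append("history")
    # Assumed reading of "eight characters must be different": characters of
    # the new password, counted with multiplicity, that the old one lacks.
    if sum((Counter(new) - Counter(old)).values()) < MIN_DIFF:
        found.append("min_diff")
    return found

def lock_reasons(account, now):
    """Why an account would be locked; account is a dict in a constructed shape."""
    if account["role"] == "Super Admin":
        return []                                # Super Admin is never locked
    found = []
    if now - account["last_login"] > MAX_IDLE:
        found.append("idle_35d")
    if now - account["last_pw_change"] > MAX_PW_AGE:
        found.append("password_60d")
    return found

if __name__ == "__main__":
    now = datetime(2024, 6, 1, 12, 0)            # constructed sample data
    accounts = [
        {"name": "svc-report", "role": "User", "last_login": now - timedelta(days=40), "last_pw_change": now - timedelta(days=10)},
        {"name": "admin", "role": "Super Admin", "last_login": now - timedelta(days=90), "last_pw_change": now - timedelta(days=90)},
    ]
    for a in accounts:
        print(a["name"], lock_reasons(a, now) or "not locked")
    print(change_violations("Spring-Harvest-2024!", "Spring-Harvest-2023!", [], now - timedelta(hours=3), now))
```

Service or integration accounts that never log in interactively are the ones most likely to appear with an idle lock reason, so review them before saving the setting.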