In case anyone missed it DISA posted a brand spank’n new ESXi 5 STIG revision on Friday, January 24th.

ESXi 5 STIG Version 1 Revision 4

Now, I want to point out a few things about this revision.  First off I teamed up with a great engineer working for DISA FSO to basically rewrite most of the ESXi 5 Server portion of this STIG.  We put a lot of work into that section and I was proud of the result.  If you’ve had trouble implementing the ESXi 5 Server piece in the past please take a look at the changes in revision 4.  You can see from the release notes alone that dozens of checks were changed, and several deleted altogether.

Additionally, a lot of the posts on this blog are now moot if you’re using revision 4.  Why?  Because we essentially used this blog as a point of reference in the rewrite.  I’ll be leaving the posts up here, but note in them that it was pre-revision 4 information.

Finally I wanted to mention our Forge.mil Community Project for ESXi STIG Automation.  If you haven’t signed up for this project yet, please do so.  We will use revision 4 as the focal point for its development.

As I’ve alluded to in some previous articles, I’ve started up a software.forge.mil community project on ESXi 5 STIG automation.  Why Forge.mil?  Well, quite simply to help with credibility.  The best way to apply the ESXi 5 STIG settings is by way of a VIB, but a VIB created and deployed in this fashion will be unsigned yet have a higher than Community acceptance level.  That is, as you know, a STIG issue itself.  Bit of a chicken and egg, if you know what I mean.  So to help combat that I decided to post this as a community project on Forge.mil.  If this is to be useful it must be trusted by the IA community within DoD.

Now, all that aside, let’s talk business.  First thing you need to do is go join the project!  Even if you do not plan to directly participate please join the project anyway.  This way we can show numbers and interest from the DoD community.  Trust me, things like this gain a life of their own and contribute a great deal to decisions made in development within VMware (you’d think).  Additionally, numbers and involvement will help drive IA acceptance of the tool as well.  NOW JOIN!

Project Site: ESXi STIG Toolset (CAC Required)

Now, you’ve joined the project, right?  Ok, next… read.  Take a look at the project charter and get familiar with project controls.  You’ll notice there’s a Discussion tab in the project console.  Use it.  Post questions, code snippets, and general information here.  That way everyone involved will benefit.

Next take notice of the Tracker tab.  This is a bug / feature tracker if you will.  As we progress along we should place features and bugs in this tracker.  Again, it helps everyone if we follow a standard.

File Releases is next.  Here is where we will place pre-built VIB versions for download, along with their code.  If you are familiar with source control: we will build a branch and tag it as a release, and those artifacts will go here.

Finally, there is the Source Control tab.  Within this tab you will see a Development repository.  This is where we will keep all the project files.

Now let’s get to building.  I’ll post a followup article on my ideas as to how we move forward.  What I ask of you is involvement.  Share your scripts and ESXi STIG settings within the project discussion group.  This is a community project.  I’ll be working on the build automation and documentation.  I need help with the rest of it.  I’ll cover what that is in the next article.  Until then, join the project!  I’ll be posting updates here and via e-mail through the project group itself.

Note: As of right now, only the project site itself and a minimum repository file structure have been established.  The real content will come.  Keep an eye here for a follow-up post and join the group for e-mail notification.