VxRail: Security Technical Implementation Guide for VCF on VxRail v1.1.001

Summary: Dell VxRail Security Technical Implementation Guide (STIG) for VMware Cloud Foundation on VxRail v1.1.001.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

VMware Cloud Foundation (VCF) on VxRail (VoV) STIG Hardening version 1.1.001 is available for download. The STIG 1.1.001 Hardening Package for VxRail Manager is now validated with the deployment of VCF 5.2.1.1 on VxRail 8.0.311 and can be upgraded using validated Flexible BOMs.

VoV STIG Hardening is a collaboration between VMware and Dell that enables VCF on VxRail customers to harden their cluster in compliance with relevant Department of Defense (DoD) Security Technical Implementation Guidelines (STIG) requirements. 

This two-step approach provides customers a validated path to comply with the Risk Management Framework defined by US Department of Defense (DoD) and maintained by the Defense Information Systems Agency (DISA).  

For more information regarding the process, reference the Dell VxRail Manager STIG Hardening Guide for VCF on VxRail documentation. 

What's New:

  • Support for 5.2.x
  • VMware vCenter Servers that manage multiple VxRail clusters.
  • Support for Flexible BOM upgrades*
  • V-235032 is now supported and automated

Updates:

  • DISA STIG updates:
    • Application Security Development STIG V6, Release 2
    • Network Device Management (SRG V5, Release 2
    • SUSE Linux Enterprise Server (SLES) 15 STIG V2, Release 3
    • VMware vSphere 8.0 ESXi STIG V2, Release 2
    • VMware vSphere 8.0 vCenter STIG V2, Release 2
    • VMware vSphere 8.0 vCenter Appliance EAM STIG V2, Release 2

VxRail Support: 
The Dell VxRail Manager STIG Hardening Package for VCF on VxRail supports: 

  • VCF 5.2.1 with VxRail 8.0.310, VxRail 8.0.311
  • Standard VCF on VxRail cluster deployment types
  • Flexible BOM upgrades*

 

NOTE: There is no qualified upgrade path for customers who had previously applied VCF on VxRail STIG Hardening Package 1.0.000 on VCF 5.0.000 on VxRail 8.0.100. Customers looking to apply VCF on VxRail STIG Hardening Package 1.1.x should redeploy and upgrade their cluster to VCF 5.2.1 on VxRail 8.0.310 or 8.0.311 prior to hardening.

 

VCF 5.0 customers who are unable to upgrade to at least VCF 5.2.1 on VxRail 8.0.310 may choose to remain on VCF 5.0 on VxRail 8.0.100 and apply the deprecated VCF on VxRail STIG Hardening Package 1.0.000. However, these customers should redeploy prior to applying the latest VCF on VxRail STIG Hardening Package. 

The following is not supported: 

  • VCF releases prior to 5.2.1 on 8.0.310, including 5.0.x and 5.1.x
  • VxRail stretched cluster with VMware vSAN. 
  • VxRail 2-node cluster with VMware vSAN. 

 

*Support for Flexible BOM upgrades allows the customer to apply VCF on VxRail patches, starting with VxRail 8.0.310 or 8.0.311, before official validation testing occurs.  Upgrades are expected to be qualified and supported on a reasonable effort basis.

VoV STIG Hardening consists of the following: 
VMware: 

Dell: 

 

NOTE: Dell is not responsible for applying or validating the VCF STIG Readiness Guide. The customer must follow VMware guidance prior to applying VxRail Manager STIG Hardening.

 

The Dell VxRail Manager STIG Hardening Package for VCF on VxRail is for self-installation only.
The Support Services team is not authorized to provide instructional information about STIG Hardening. If you are uncertain about the execution methods after reviewing the STIG Hardening Package documentation, it is recommended to contact your Dell Technologies sales team representative for a custom deployment services quote. 

 
Caution: The user assumes all risks that are associated with hardening the VxRail environment when choosing to install the VxRail STIG Hardening Package. Dell Technologies assumes no responsibility and shall not be liable for system failures or loss of data due to VxRail STIG Hardening Package execution in the user's environment. Performing the VxRail STIG Hardening procedures incorrectly and without a backout plan may put the VxRail environment at risk of having to perform a factory reset. This could ultimately result in data loss.

Affected Products

VxRail, VxRail Appliance Series, VxRail E560 VCF, VxRail E560F VCF, VxRail E560N VCF, VxRail G560 VCF, VxRail G560F VCF, VxRail P570 VCF, VxRail P570F VCF, VxRail P580N VCF, VxRail S570 VCF, VxRail Software, VxRail V570 VCF, VxRail V570F VCF
Article Properties
Article Number: 000321689
Article Type: How To
Last Modified: 23 May 2026
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.