Detections
Analytics

CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Updated: 7/3/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 16

Audit Items

DescriptionCategories
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher
2.11 (L1) Host must use sufficient entropy for cryptographic operations
6.4.1 (L1) Host SNMP services, if enabled, must limit access
6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers
6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules
6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports
6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication
6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions
6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions
6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access
6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files
6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding
6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding
6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels
6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings
CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit from CIS VMware ESXi 8.0 Benchmark v1.1.0