Mar 13, 2026 Functional Update- 3.20 (L1) Host must enable normal lockdown mode
Informational Update- 2.10 (L1) Host must restrict inter-VM transparent page sharing
- 2.2 (L1) Host must have all software updates installed
- 2.6 (L1) Host must have reliable time synchronization sources
- 3.1 (L1) Host should deactivate SSH
- 3.12 (L1) Host must lock an account after a specified number of failed login attempts
- 3.13 (L1) Host must unlock accounts after a specified timeout period
- 3.14 (L1) Host must configure the password history setting to restrict the reuse of passwords
- 3.18 (L1) Host must have an accurate DCUI.Access list
- 3.19 (L1) Host must have an accurate Exception Users list
- 3.2 (L1) Host must deactivate the ESXi shell
- 3.20 (L1) Host must enable normal lockdown mode
- 3.3 (L1) Host must deactivate the ESXi Managed Object Browser (MOB)
- 3.7 (L1) Host must automatically terminate idle DCUI sessions
- 3.8 (L1) Host must automatically terminate idle shells
- 3.9 (L1) Host must automatically deactivate shell services
- 4.1 (L1) Host must configure a persistent log location for all locally stored system logs
- 4.2 (L1) Host must transmit system logs to a remote log collector
- 5.1 (L1) Host firewall must only allow traffic from authorized networks
- 5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches
- 5.3 (L1) Host must restrict use of the dvFilter network API
- 5.6 (L1) Host should reject forged transmits on standard virtual switches and port groups
- 5.7 (L1) Host should reject MAC address changes on standard virtual switches and port groups
- 5.8 (L1) Host should reject promiscuous mode requests on standard virtual switches and port groups
- 5.9 (L1) Host must restrict access to a default or native VLAN on standard virtual switches
- 6.3.1 (L1) Host iSCSI client, if enabled, must employ bidirectional/mutual CHAP authentication
- 6.3.2 (L1) Host iSCSI client, if enabled, must employ unique CHAP authentication secrets
- 7.17 (L1) Virtual machines must deactivate console drag and drop operations
- 7.18 (L1) Virtual machines must deactivate console copy operations
- 7.19 (L1) Virtual machines must deactivate console paste operations
- 7.20 (L1) Virtual machines must limit access through the \"dvfilter\" network API
- 7.21 (L1) Virtual machines must deactivate virtual disk shrinking operations
- 7.22 (L1) Virtual machines must deactivate virtual disk wiping operations
- 7.24 (L1) Virtual machines must not be able to obtain host information from the hypervisor
- 7.26 (L1) Virtual machines must limit the number of retained diagnostic logs
- 7.27 (L1) Virtual machines must limit the size of diagnostic logs
- 7.6 (L1) Virtual machines must limit console sharing.
Miscellaneous- Metadata updated.
- Variables updated.
|
