| 1.8 (L2) Host integrated hardware management controller must secure authentication | ACCESS CONTROL |
| 1.9 (L2) Host hardware must enable AMD SEV-ES, if available | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.10 (L2) Host hardware must enable Intel SGX, if available | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.11 (L2) Host hardware must secure unused external hardware ports | CONFIGURATION MANAGEMENT |
| 1.12 (L2) Host integrated hardware management controller must deactivate internal networking | CONFIGURATION MANAGEMENT |
| 2.12 (L2) Host must enable volatile key destruction | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.21 (L2) Host should enable strict lockdown mode | ACCESS CONTROL |
| 3.23 (L2) Host must deny shell access for the vpxuser account | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.5 (L2) Host should deactivate virtual hardware management network interfaces | CONFIGURATION MANAGEMENT |
| 7.1 (L2) Virtual machines must enable Secure Boot | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.4 (L2) Virtual machines should deactivate 3D graphics features when not required | CONFIGURATION MANAGEMENT |
| 7.15 (L2) Virtual machines must remove unnecessary CD/DVD devices | CONFIGURATION MANAGEMENT |
| 7.29 (L2) Virtual machines should have virtual machine hardware version 19 or newer | SYSTEM AND SERVICES ACQUISITION |
| 8.4 (L2) VMware Tools on deployed virtual machines must prevent being recustomized | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.8 (L2) VMware Tools must deactivate ContainerInfo unless required | CONFIGURATION MANAGEMENT |
| 8.9 (L2) VMware Tools must deactivate Appinfo information gathering unless required | CONFIGURATION MANAGEMENT |
| 8.11 (L2) VMware Tools must deactivate Service Discovery unless required | CONFIGURATION MANAGEMENT |
| 8.15 (L2) VMware Tools must deactivate Guest Operations unless required | CONFIGURATION MANAGEMENT |
