CIS VMware ESXi 8.0 v1.2.0 L2

Audit Details

Name: CIS VMware ESXi 8.0 v1.2.0 L2

Updated: 7/3/2025

Authority: CIS

Plugin: VMware

Revision: 1.0

Estimated Item Count: 18

File Details

Filename: CIS_VMware_ESXi_8.0_v1.2.0_L2_VMware.audit

Size: 45.4 kB

MD5: 3a965995c51d2f90a49f4e9ebb54dc19
SHA256: 4b6303596bd2206039d84f6343db59e65a1c29f4d5cd12fd51322c559b3e4c07

Audit Items

DescriptionCategories
1.8 (L2) Host integrated hardware management controller must secure authentication

ACCESS CONTROL

1.9 (L2) Host hardware must enable AMD SEV-ES, if available

CONFIGURATION MANAGEMENT, MAINTENANCE

1.10 (L2) Host hardware must enable Intel SGX, if available

CONFIGURATION MANAGEMENT, MAINTENANCE

1.11 (L2) Host hardware must secure unused external hardware ports

CONFIGURATION MANAGEMENT

1.12 (L2) Host integrated hardware management controller must deactivate internal networking

CONFIGURATION MANAGEMENT

2.12 (L2) Host must enable volatile key destruction

CONFIGURATION MANAGEMENT, MAINTENANCE

3.21 (L2) Host should enable strict lockdown mode

ACCESS CONTROL

3.23 (L2) Host must deny shell access for the vpxuser account

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

5.5 (L2) Host should deactivate virtual hardware management network interfaces

CONFIGURATION MANAGEMENT

7.1 (L2) Virtual machines must enable Secure Boot

CONFIGURATION MANAGEMENT, MAINTENANCE

7.4 (L2) Virtual machines should deactivate 3D graphics features when not required

CONFIGURATION MANAGEMENT

7.15 (L2) Virtual machines must remove unnecessary CD/DVD devices

CONFIGURATION MANAGEMENT

7.29 (L2) Virtual machines should have virtual machine hardware version 19 or newer

SYSTEM AND SERVICES ACQUISITION

8.4 (L2) VMware Tools on deployed virtual machines must prevent being recustomized

CONFIGURATION MANAGEMENT, MAINTENANCE

8.8 (L2) VMware Tools must deactivate ContainerInfo unless required

CONFIGURATION MANAGEMENT

8.9 (L2) VMware Tools must deactivate Appinfo information gathering unless required

CONFIGURATION MANAGEMENT

8.11 (L2) VMware Tools must deactivate Service Discovery unless required

CONFIGURATION MANAGEMENT

8.15 (L2) VMware Tools must deactivate Guest Operations unless required

CONFIGURATION MANAGEMENT