DISA STIG VMware vSphere 7.0 ESXi OS v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 ESXi OS v1r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 28

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_ESXi_Bare_Metal_Host_v1r2.audit

Size: 49.6 kB

MD5: 4dae10481530f0e2547c98b959506487
SHA256: f8014632fd564190590c3e3118131f6291330d6566a20658b0cefda97992b1d3

Audit Items

Description / Categories
DISA_STIG_VMware_vSphere_7.0_ESXi_Bare_Metal_Host_v1r2.audit from DISA VMware vSphere 7.0 ESXi v1r2 STIG
ESXI-70-000009 - The ESXi host SSH daemon must be configured with the DOD logon banner - DoD login banner.

ACCESS CONTROL

ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.

ACCESS CONTROL

ESXI-70-000012 - The ESXi host Secure Shell (SSH) daemon must ignore '.rhosts' files.

IDENTIFICATION AND AUTHENTICATION

ESXI-70-000013 - The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.

CONFIGURATION MANAGEMENT

ESXI-70-000015 - The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password.

CONFIGURATION MANAGEMENT

ESXI-70-000016 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings.

CONFIGURATION MANAGEMENT

ESXI-70-000020 - The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files.

CONFIGURATION MANAGEMENT

ESXI-70-000021 - The ESXi host Secure Shell (SSH) daemon must not allow compression or must only allow compression after successful authentication.

CONFIGURATION MANAGEMENT

ESXI-70-000022 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.

CONFIGURATION MANAGEMENT

ESXI-70-000023 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding.

CONFIGURATION MANAGEMENT

ESXI-70-000025 - The ESXi host Secure Shell (SSH) daemon must not permit tunnels.

CONFIGURATION MANAGEMENT

ESXI-70-000026 - The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions.

CONFIGURATION MANAGEMENT

ESXI-70-000027 - The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions.

CONFIGURATION MANAGEMENT

ESXI-70-000047 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance levels must be verified - VIB Acceptance Levels must be verified.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-70-000056 - The ESXi host must configure the firewall to restrict access to services running on the host.

CONFIGURATION MANAGEMENT

ESXI-70-000076 - The ESXi host must enable Secure Boot.

CONFIGURATION MANAGEMENT

ESXI-70-000078 - The ESXi host must use DOD-approved certificates.

CONFIGURATION MANAGEMENT

ESXI-70-000082 - The ESXi host Secure Shell (SSH) daemon must disable port forwarding.

CONFIGURATION MANAGEMENT

ESXI-70-000083 - The ESXi host OpenSLP service must be disabled.

CONFIGURATION MANAGEMENT

ESXI-70-000084 - The ESXi host must enable audit logging.

CONFIGURATION MANAGEMENT

ESXI-70-000085 - The ESXi host must enable strict x509 verification for SSL syslog endpoints.

CONFIGURATION MANAGEMENT

ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.

ACCESS CONTROL

ESXI-70-000092 - The ESXi host must not be configured to override virtual machine (VM) configurations.

CONFIGURATION MANAGEMENT

ESXI-70-000093 - The ESXi host must not be configured to override virtual machine (VM) logger settings.

CONFIGURATION MANAGEMENT

ESXI-70-000094 - The ESXi host must require TPM-based configuration encryption.

CONFIGURATION MANAGEMENT

ESXI-70-000095 - The ESXi host must implement Secure Boot enforcement.

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

ESXI-70-000274 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers.

SYSTEM AND COMMUNICATIONS PROTECTION