| VCWN-65-000001 - The vCenter Server for Windows must prohibit password reuse for a minimum of five generations. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000002 - The vCenter Server for Windows must not automatically refresh client sessions. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000003 - The vCenter Server for Windows must enforce a 60-day maximum password lifetime restriction. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000004 - The vCenter Server for Windows must terminate management sessions after 10 minutes of inactivity. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000005 - The vCenter Server for Windows users must have the correct roles assigned. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000007 - The vCenter Server for Windows must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of Denial of Service (DoS) attacks by enabling Network I/O Control (NIOC). | CONFIGURATION MANAGEMENT |
| VCWN-65-000008 - The vCenter Server for Windows must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events. | AUDIT AND ACCOUNTABILITY |
| VCWN-65-000009 - The vCenter Server for Windows must use Active Directory authentication. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000010 - The vCenter Server for Windows must limit the use of the built-in SSO administrative account. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000012 - The vCenter Server for Windows must disable the distributed virtual switch health check. | CONFIGURATION MANAGEMENT |
| VCWN-65-000013 - The vCenter Server for Windows must set the distributed port group Forged Transmits policy to reject. | CONFIGURATION MANAGEMENT |
| VCWN-65-000014 - The vCenter Server for Windows must set the distributed port group MAC Address Change policy to reject. | CONFIGURATION MANAGEMENT |
| VCWN-65-000015 - The vCenter Server for Windows must set the distributed port group Promiscuous Mode policy to reject. | CONFIGURATION MANAGEMENT |
| VCWN-65-000016 - The vCenter Server for Windows must only send NetFlow traffic to authorized collectors. | CONFIGURATION MANAGEMENT |
| VCWN-65-000017 - The vCenter Server for Windows must not override port group settings at the port level on distributed switches. | CONFIGURATION MANAGEMENT |
| VCWN-65-000018 - The vCenter Server for Windows must configure all port groups to a value other than that of the native VLAN. | CONFIGURATION MANAGEMENT |
| VCWN-65-000019 - The vCenter Server for Windows must configure all port groups to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. | CONFIGURATION MANAGEMENT |
| VCWN-65-000020 - The vCenter Server for Windows must not configure all port groups to VLAN values reserved by upstream physical switches. | CONFIGURATION MANAGEMENT |
| VCWN-65-000021 - The vCenter Server for Windows must enable SSL for Network File Copy (NFC). | CONFIGURATION MANAGEMENT |
| VCWN-65-000022 - The vCenter Server for Windows services must be ran using a service account instead of a built-in Windows account. | CONFIGURATION MANAGEMENT |
| VCWN-65-000023 - The vCenter Server for Windows must configure the vpxuser auto-password to be changed every 30 days. | CONFIGURATION MANAGEMENT |
| VCWN-65-000024 - The vCenter Server for Windows must configure the vpxuser password meets length policy. | CONFIGURATION MANAGEMENT |
| VCWN-65-000025 - The vCenter Server for Windows must disable the managed object browser at all times, when not required for the purpose of troubleshooting or maintenance of managed objects. | CONFIGURATION MANAGEMENT |
| VCWN-65-000026 - The vCenter Server for Windows must check the privilege re-assignment after restarts. | CONFIGURATION MANAGEMENT |
| VCWN-65-000027 - The vCenter Server for Windows must minimize access to the vCenter server. | CONFIGURATION MANAGEMENT |
| VCWN-65-000028 - The vCenter Server for Windows Administrators must clean up log files after failed installations. | CONFIGURATION MANAGEMENT |
| VCWN-65-000029 - The vCenter Server for Windows must enable all tasks to be shown to Administrators in the Web Client. | CONFIGURATION MANAGEMENT |
| VCWN-65-000030 - The vCenter Server for Windows Administrator role must be secured and assigned to specific users other than a Windows Administrator. | CONFIGURATION MANAGEMENT |
| VCWN-65-000031 - The vCenter Server for Windows must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | CONFIGURATION MANAGEMENT |
| VCWN-65-000032 - The vCenter Server for Windows must use a least-privileges assignment for the Update Manager database user. | CONFIGURATION MANAGEMENT |
| VCWN-65-000033 - The vCenter Server for Windows must use a least-privileges assignment for the vCenter Server database user. | CONFIGURATION MANAGEMENT |
| VCWN-65-000034 - The vCenter Server for Windows must use unique service accounts when applications connect to vCenter. | CONFIGURATION MANAGEMENT |
| VCWN-65-000035 - vCenter Server for Windows plugins must be verified. | CONFIGURATION MANAGEMENT |
| VCWN-65-000036 - The vCenter Server for Windows must produce audit records containing information to establish what type of events occurred. | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-65-000039 - The vCenter Server for Windows passwords must be at least 15 characters in length. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000040 - The vCenter Server for Windows passwords must contain at least one uppercase character. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000041 - The vCenter Server for Windows passwords must contain at least one lowercase character. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000042 - The vCenter Server for Windows passwords must contain at least one numeric character. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000043 - The vCenter Server for Windows passwords must contain at least one special character. | IDENTIFICATION AND AUTHENTICATION |
| VCWN-65-000045 - The vCenter Server for Windows must limit the maximum number of failed login attempts to three. | ACCESS CONTROL |
| VCWN-65-000046 - The vCenter Server for Windows must set the interval for counting failed login attempts to at least 15 minutes. | ACCESS CONTROL |
| VCWN-65-000047 - The vCenter Server for Windows must require an administrator to unlock an account locked due to excessive login failures. | ACCESS CONTROL |
| VCWN-65-000048 - The vCenter Server for Windows must alert administrators on permission creation operations. | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-65-000049 - The vCenter Server for Windows must alert administrators on permission deletion operations. | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-65-000050 - The vCenter Server for Windows must alert administrators on permission update operations. | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-65-000051 - The vCenter Server for Windows users must have the correct roles assigned. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-65-000052 - The vCenter Server for Windows must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | CONFIGURATION MANAGEMENT |
| VCWN-65-000053 - The vCenter Server for Windows must enable the vSAN Health Check. | CONFIGURATION MANAGEMENT |
| VCWN-65-000054 - The vCenter Server for Windows must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | CONFIGURATION MANAGEMENT |
| VCWN-65-000055 - The vCenter Server for Windows must configure the vSAN Datastore name to a unique name. | CONFIGURATION MANAGEMENT |
