DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1

Audit Details

Name: DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1

Updated: 3/13/2026

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 107

File Details

Filename: DISA_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_STIG_v2r1.audit

Size: 304 kB

MD5: 18f6af1e00b520172f8cb052018f7116
SHA256: 431cefbee6a11ea6c87e954ea599df26483f59a6bf6f2efebb6461deff0151c2

Audit Changelog

Revision 1.2

Mar 13, 2026

Miscellaneous
  • Metadata updated.
  • Platform check updated.
  • Variables updated.
Added
  • DISA_STIG_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
  • PHTN-40-000003 - The Photon operating system must audit all account creations.
  • PHTN-40-000004 - The Photon operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • PHTN-40-000005 - The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system.
  • PHTN-40-000007 - The Photon operating system must limit the number of concurrent sessions to ten for all accounts and/or account types.
  • PHTN-40-000012 - The Photon operating system must monitor remote access logins.
  • PHTN-40-000013 - The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
  • PHTN-40-000014 - The Photon operating system must configure auditd to log to disk.
  • PHTN-40-000016 - The Photon operating system must enable the auditd service.
  • PHTN-40-000019 - The Photon operating system must be configured to audit the execution of privileged functions.
  • PHTN-40-000021 - The Photon operating system must alert the ISSO and SA in the event of an audit processing failure.
  • PHTN-40-000026 - The Photon operating system must protect audit logs from unauthorized access.
  • PHTN-40-000030 - The Photon operating system must allow only authorized users to configure the auditd service.
  • PHTN-40-000031 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.
  • PHTN-40-000035 - The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.
  • PHTN-40-000036 - The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used.
  • PHTN-40-000037 - The Photon operating system must enforce password complexity by requiring that at least one numeric character be used.
  • PHTN-40-000038 - The Photon operating system must require the change of at least eight characters when passwords are changed.
  • PHTN-40-000039 - The operating system must store only encrypted representations of passwords.
  • PHTN-40-000040 - The Photon operating system must not have the telnet package installed.
  • PHTN-40-000041 - The Photon operating system must enforce one day as the minimum password lifetime.
  • PHTN-40-000042 - The Photon operating systems must enforce a 90-day maximum password lifetime restriction.
  • PHTN-40-000043 - The Photon operating system must prohibit password reuse for a minimum of five generations.
  • PHTN-40-000044 - The Photon operating system must enforce a minimum 15-character password length.
  • PHTN-40-000046 - The Photon operating system must require authentication upon booting into single-user and maintenance modes.
  • PHTN-40-000047 - The Photon operating system must disable unnecessary kernel modules.
  • PHTN-40-000049 - The Photon operating system must not have duplicate User IDs (UIDs).
  • PHTN-40-000059 - The Photon operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
  • PHTN-40-000067 - The Photon operating system must restrict access to the kernel message buffer.
  • PHTN-40-000068 - The Photon operating system must be configured to use TCP syncookies.
  • PHTN-40-000069 - The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes.
  • PHTN-40-000073 - The Photon operating system /var/log directory must be restricted.
  • PHTN-40-000074 - The Photon operating system must reveal error messages only to authorized users.
  • PHTN-40-000076 - The Photon operating system must audit all account modifications.
  • PHTN-40-000078 - The Photon operating system must audit all account removal actions.
  • PHTN-40-000079 - The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.
  • PHTN-40-000080 - The Photon operating system must initiate session audits at system startup.
  • PHTN-40-000082 - The Photon operating system must protect audit tools from unauthorized access.
  • PHTN-40-000086 - The Photon operating system must enforce password complexity by requiring that at least one special character be used.
  • PHTN-40-000092 - The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools.
  • PHTN-40-000093 - The operating system must automatically terminate a user session after inactivity time-outs have expired.
  • PHTN-40-000105 - The Photon operating system must enable symlink access control protection in the kernel.
  • PHTN-40-000107 - The Photon operating system must audit the execution of privileged functions.
  • PHTN-40-000108 - The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.
  • PHTN-40-000110 - The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility.
  • PHTN-40-000112 - The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
  • PHTN-40-000130 - The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation.
  • PHTN-40-000133 - The Photon operating system must require users to reauthenticate for privilege escalation.
  • PHTN-40-000160 - The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
  • PHTN-40-000161 - The Photon operating system must remove all software components after updated versions have been installed.
  • PHTN-40-000173 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur.
  • PHTN-40-000175 - The Photon operating system must be configured to audit the loading and unloading of dynamic kernel modules.
  • PHTN-40-000182 - The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
  • PHTN-40-000184 - The Photon operating system must prevent the use of dictionary words for passwords.
  • PHTN-40-000185 - The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt in login.defs.
  • PHTN-40-000186 - The Photon operating system must ensure audit events are flushed to disk at proper intervals.
  • PHTN-40-000187 - The Photon operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
  • PHTN-40-000188 - The Photon operating system must configure Secure Shell (SSH) to disallow HostbasedAuthentication.
  • PHTN-40-000192 - The Photon operating system must be configured to use the pam_faillock.so module.
  • PHTN-40-000193 - The Photon operating system must prevent leaking information of the existence of a user account.
  • PHTN-40-000194 - The Photon operating system must audit logon attempts for unknown users.
  • PHTN-40-000195 - The Photon operating system must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • PHTN-40-000196 - The Photon operating system must persist lockouts between system reboots.
  • PHTN-40-000197 - The Photon operating system must be configured to use the pam_pwquality.so module.
  • PHTN-40-000199 - The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos.
  • PHTN-40-000200 - The Photon operating system must configure the Secure Shell (SSH) SyslogFacility.
  • PHTN-40-000201 - The Photon operating system must enable Secure Shell (SSH) authentication logging.
  • PHTN-40-000203 - The Photon operating system must terminate idle Secure Shell (SSH) sessions.
  • PHTN-40-000204 - The Photon operating system must audit all account modifications.
  • PHTN-40-000206 - The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
  • PHTN-40-000207 - The Photon operating system must configure Secure Shell (SSH) to disallow authentication with an empty password.
  • PHTN-40-000208 - The Photon operating system must configure Secure Shell (SSH) to disable user environment processing.
  • PHTN-40-000209 - The Photon operating system must create a home directory for all new local interactive user accounts.
  • PHTN-40-000210 - The Photon operating system must disable the debug-shell service.
  • PHTN-40-000211 - The Photon operating system must configure Secure Shell (SSH) to disallow Generic Security Service Application Program Interface (GSSAPI) authentication.
  • PHTN-40-000212 - The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.
  • PHTN-40-000213 - The Photon operating system must configure Secure Shell (SSH) to perform strict mode checking of home directory configuration files.
  • PHTN-40-000214 - The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.
  • PHTN-40-000215 - The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream.
  • PHTN-40-000216 - The Photon operating system must configure Secure Shell (SSH) to display the last login immediately after authentication.
  • PHTN-40-000217 - The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists.
  • PHTN-40-000218 - The Photon operating system must configure Secure Shell (SSH) to ignore user-specific known_host files.
  • PHTN-40-000219 - The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection.
  • PHTN-40-000220 - The Photon operating system must configure Secure Shell (SSH) to restrict AllowTcpForwarding.
  • PHTN-40-000221 - The Photon operating system must configure Secure Shell (SSH) to restrict LoginGraceTime.
  • PHTN-40-000222 - The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.
  • PHTN-40-000223 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets.
  • PHTN-40-000224 - The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
  • PHTN-40-000225 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.
  • PHTN-40-000226 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted.
  • PHTN-40-000227 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.
  • PHTN-40-000228 - The Photon operating system must log IPv4 packets with impossible addresses.
  • PHTN-40-000229 - The Photon operating system must use a reverse-path filter for IPv4 network traffic.
  • PHTN-40-000231 - The Photon operating system must not perform IPv4 packet forwarding.
  • PHTN-40-000232 - The Photon operating system must send TCP timestamps.
  • PHTN-40-000233 - The Photon operating system must be configured to protect the Secure Shell (SSH) public host key from unauthorized modification.
  • PHTN-40-000234 - The Photon operating system must be configured to protect the Secure Shell (SSH) private host key from unauthorized access.
  • PHTN-40-000235 - The Photon operating system must enforce password complexity on the root account.
  • PHTN-40-000236 - The Photon operating system must disable systemd fallback DNS.
  • PHTN-40-000237 - The Photon operating system must configure AIDE to detect changes to baseline configurations.
  • PHTN-40-000238 - The Photon operating system must generate audit records for all access and modifications to the opasswd file.
  • PHTN-40-000239 - The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions.
  • PHTN-40-000242 - The Photon operating system must enable the rsyslog service.
  • PHTN-40-000243 - The Photon operating system must be configured to use the pam_pwhistory.so module.
  • PHTN-40-000244 - The Photon operating system must enable hardlink access control protection in the kernel.
  • PHTN-40-000246 - The Photon operating system must restrict core dumps.
  • PHTN-40-000247 - The Photon operating system must not allow empty passwords.
Removed
  • DISA_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
  • PHTN-40-000003 The Photon operating system must audit all account creations.
  • PHTN-40-000004 The Photon operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
  • PHTN-40-000005 The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system.
  • PHTN-40-000007 The Photon operating system must limit the number of concurrent sessions to ten for all accounts and/or account types.
  • PHTN-40-000012 The Photon operating system must monitor remote access logins.
  • PHTN-40-000013 The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions.
  • PHTN-40-000014 The Photon operating system must configure auditd to log to disk.
  • PHTN-40-000016 The Photon operating system must enable the auditd service.
  • PHTN-40-000019 The Photon operating system must be configured to audit the execution of privileged functions.
  • PHTN-40-000021 The Photon operating system must alert the ISSO and SA in the event of an audit processing failure.
  • PHTN-40-000026 The Photon operating system must protect audit logs from unauthorized access.
  • PHTN-40-000030 The Photon operating system must allow only authorized users to configure the auditd service.
  • PHTN-40-000031 The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur.
  • PHTN-40-000035 The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used.
  • PHTN-40-000036 The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used.
  • PHTN-40-000037 The Photon operating system must enforce password complexity by requiring that at least one numeric character be used.
  • PHTN-40-000038 The Photon operating system must require the change of at least eight characters when passwords are changed.
  • PHTN-40-000039 The operating system must store only encrypted representations of passwords.
  • PHTN-40-000040 The Photon operating system must not have the telnet package installed.
  • PHTN-40-000041 The Photon operating system must enforce one day as the minimum password lifetime.
  • PHTN-40-000042 The Photon operating systems must enforce a 90-day maximum password lifetime restriction.
  • PHTN-40-000043 The Photon operating system must prohibit password reuse for a minimum of five generations.
  • PHTN-40-000044 The Photon operating system must enforce a minimum 15-character password length.
  • PHTN-40-000046 The Photon operating system must require authentication upon booting into single-user and maintenance modes.
  • PHTN-40-000047 The Photon operating system must disable unnecessary kernel modules.
  • PHTN-40-000049 The Photon operating system must not have duplicate User IDs (UIDs).
  • PHTN-40-000059 The Photon operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.
  • PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer.
  • PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies.
  • PHTN-40-000069 The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes.
  • PHTN-40-000073 The Photon operating system /var/log directory must be restricted.
  • PHTN-40-000074 The Photon operating system must reveal error messages only to authorized users.
  • PHTN-40-000076 The Photon operating system must audit all account modifications.
  • PHTN-40-000078 The Photon operating system must audit all account removal actions.
  • PHTN-40-000079 The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions.
  • PHTN-40-000080 The Photon operating system must initiate session audits at system startup.
  • PHTN-40-000082 The Photon operating system must protect audit tools from unauthorized access.
  • PHTN-40-000086 The Photon operating system must enforce password complexity by requiring that at least one special character be used.
  • PHTN-40-000092 The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools.
  • PHTN-40-000093 The operating system must automatically terminate a user session after inactivity time-outs have expired.
  • PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel.
  • PHTN-40-000107 The Photon operating system must audit the execution of privileged functions.
  • PHTN-40-000108 The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur.
  • PHTN-40-000110 The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility.
  • PHTN-40-000112 The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
  • PHTN-40-000130 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation.
  • PHTN-40-000133 The Photon operating system must require users to reauthenticate for privilege escalation.
  • PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution.
  • PHTN-40-000161 The Photon operating system must remove all software components after updated versions have been installed.
  • PHTN-40-000173 The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur.
  • PHTN-40-000175 The Photon operating system must be configured to audit the loading and unloading of dynamic kernel modules.
  • PHTN-40-000182 The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
  • PHTN-40-000184 The Photon operating system must prevent the use of dictionary words for passwords.
  • PHTN-40-000185 The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt in login.defs.
  • PHTN-40-000186 The Photon operating system must ensure audit events are flushed to disk at proper intervals.
  • PHTN-40-000187 The Photon operating system must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
  • PHTN-40-000188 The Photon operating system must configure Secure Shell (SSH) to disallow HostbasedAuthentication.
  • PHTN-40-000192 The Photon operating system must be configured to use the pam_faillock.so module.
  • PHTN-40-000193 The Photon operating system must prevent leaking information of the existence of a user account.
  • PHTN-40-000194 The Photon operating system must audit logon attempts for unknown users.
  • PHTN-40-000195 The Photon operating system must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
  • PHTN-40-000196 The Photon operating system must persist lockouts between system reboots.
  • PHTN-40-000197 The Photon operating system must be configured to use the pam_pwquality.so module.
  • PHTN-40-000199 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation for all repos.
  • PHTN-40-000200 The Photon operating system must configure the Secure Shell (SSH) SyslogFacility.
  • PHTN-40-000201 The Photon operating system must enable Secure Shell (SSH) authentication logging.
  • PHTN-40-000203 The Photon operating system must terminate idle Secure Shell (SSH) sessions.
  • PHTN-40-000204 The Photon operating system must audit all account modifications.
  • PHTN-40-000206 The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
  • PHTN-40-000207 The Photon operating system must configure Secure Shell (SSH) to disallow authentication with an empty password.
  • PHTN-40-000208 The Photon operating system must configure Secure Shell (SSH) to disable user environment processing.
  • PHTN-40-000209 The Photon operating system must create a home directory for all new local interactive user accounts.
  • PHTN-40-000210 The Photon operating system must disable the debug-shell service.
  • PHTN-40-000211 The Photon operating system must configure Secure Shell (SSH) to disallow Generic Security Service Application Program Interface (GSSAPI) authentication.
  • PHTN-40-000212 The Photon operating system must configure Secure Shell (SSH) to disable X11 forwarding.
  • PHTN-40-000213 The Photon operating system must configure Secure Shell (SSH) to perform strict mode checking of home directory configuration files.
  • PHTN-40-000214 The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.
  • PHTN-40-000215 The Photon operating system must configure Secure Shell (SSH) to disallow compression of the encrypted session stream.
  • PHTN-40-000216 The Photon operating system must configure Secure Shell (SSH) to display the last login immediately after authentication.
  • PHTN-40-000217 The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists.
  • PHTN-40-000218 The Photon operating system must configure Secure Shell (SSH) to ignore user-specific known_host files.
  • PHTN-40-000219 The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection.
  • PHTN-40-000220 The Photon operating system must configure Secure Shell (SSH) to restrict AllowTcpForwarding.
  • PHTN-40-000221 The Photon operating system must configure Secure Shell (SSH) to restrict LoginGraceTime.
  • PHTN-40-000222 The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line.
  • PHTN-40-000223 The Photon operating system must not forward IPv4 or IPv6 source-routed packets.
  • PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
  • PHTN-40-000225 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.
  • PHTN-40-000226 The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted.
  • PHTN-40-000227 The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.
  • PHTN-40-000228 The Photon operating system must log IPv4 packets with impossible addresses.
  • PHTN-40-000229 The Photon operating system must use a reverse-path filter for IPv4 network traffic.
  • PHTN-40-000231 The Photon operating system must not perform IPv4 packet forwarding.
  • PHTN-40-000232 The Photon operating system must send TCP timestamps.
  • PHTN-40-000233 The Photon operating system must be configured to protect the Secure Shell (SSH) public host key from unauthorized modification.
  • PHTN-40-000234 The Photon operating system must be configured to protect the Secure Shell (SSH) private host key from unauthorized access.
  • PHTN-40-000235 The Photon operating system must enforce password complexity on the root account.
  • PHTN-40-000236 The Photon operating system must disable systemd fallback DNS.
  • PHTN-40-000237 The Photon operating system must configure AIDE to detect changes to baseline configurations.
  • PHTN-40-000238 The Photon operating system must generate audit records for all access and modifications to the opasswd file.
  • PHTN-40-000239 The Photon operating system must implement only approved Message Authentication Codes (MACs) to protect the integrity of remote access sessions.
  • PHTN-40-000242 The Photon operating system must enable the rsyslog service.
  • PHTN-40-000243 The Photon operating system must be configured to use the pam_pwhistory.so module.
  • PHTN-40-000244 The Photon operating system must enable hardlink access control protection in the kernel.
  • PHTN-40-000246 The Photon operating system must restrict core dumps.
  • PHTN-40-000247 The Photon operating system must not allow empty passwords.
Revision 1.1

Oct 30, 2025

Functional Update
  • PHTN-40-000078 The Photon operating system must audit all account removal actions.
Miscellaneous
  • Metadata updated.
  • References updated.