ESXi: esxi-8.account-password-max-days

Information

The ESXi host must be configured with an appropriate maximum password age. Modern best practices for passwords, as outlined in NIST 800-63B Section 5.1.1.2 and other relevant guidance, state that enforcing periodic password changes does not enhance security when passwords already possess adequate entropy.

Solution

PowerCLI Command Assessment Example: Get-VMHost -Name $ESXi | Get-AdvancedSetting Security.PasswordMaxDays

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/