Information
The ESXi host must have an accurate Exception Users list. Users on the Lockdown Mode "Exception Users" list do not lose their privileges when the host enters lockdown mode, which can potentially defeat the purpose of lockdown mode.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
(Get-View (Get-VMHost -Name $ESXi | Get-View).ConfigManager.HostAccessManager).UpdateLockdownExceptions($NULL)