| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - access | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCFL-67-000027 - Rsyslog must be configured to monitor and ship vSphere Client log files - runtime | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000005 The vCenter Perfcharts service cookies must have secure flag set. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL |
| VCPF-80-000025 The vCenter Perfcharts service logs folder permissions must be set correctly. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-80-000036 The vCenter Perfcharts service must disable stack tracing. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000065 The vCenter Perfcharts service must set URIEncoding to UTF-8. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-80-000125 The vCenter Perfcharts service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL |
| VCPF-80-000127 The vCenter Perfcharts service must configure the 'setCharacterEncodingFilter' filter. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-80-000130 The vCenter Perfcharts service DefaultServlet must be set to 'readonly' for 'PUT' and 'DELETE' commands. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL |
| VCPF-80-000134 The vCenter Perfcharts service shutdown port must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000136 The vCenter Perfcharts service debug parameter must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000138 The vCenter Perfcharts service deployXML attribute must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000139 The vCenter Perfcharts service must have Autodeploy disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000140 The vCenter Perfcharts service xpoweredBy attribute must be disabled. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000143 The vCenter Perfcharts service default documentation must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000155 The vCenter Perfcharts service host-manager webapp must be removed. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCSA-70-000077 - The vCenter Server must enable FIPS-validated cryptography. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000023 - The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | ACCESS CONTROL |
| VCSA-80-000034 - The vCenter Server must produce audit records containing information to establish what type of events occurred. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000059 - The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000070 - The vCenter Server must prohibit password reuse for a minimum of five generations. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000071 - The vCenter Server passwords must contain at least one uppercase character. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000072 - The vCenter Server passwords must contain at least one lowercase character. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000077 - The vCenter Server must enable FIPS-validated cryptography. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000079 - The vCenter Server must enforce a 90-day maximum password lifetime restriction. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000089 - The vCenter Server must terminate vSphere Client sessions after 15 minutes of inactivity. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000150 - The vCenter server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, of all audit failure events requiring real-time alerts. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCSA-80-000158 - The vCenter Server must compare internal information system clocks at least every 24 hours with an authoritative time server. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000195 - The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000248 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000267 - The vCenter Server must disable the distributed virtual switch health check. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000268 - The vCenter Server must set the distributed port group Forged Transmits policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000270 - The vCenter Server must set the distributed port group Promiscuous Mode policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000271 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000274 - The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000280 - The vCenter server must be configured to send events to a central log server. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000282 - The vCenter Server must configure the vSAN Datastore name to a unique name. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000283 - The vCenter Server must disable Username/Password and Windows Integrated Authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000284 - The vCenter Server must restrict access to the default roles with cryptographic permissions. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000285 - The vCenter Server must restrict access to cryptographic permissions. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000291 - The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000292 - The vCenter server configuration must be backed up on a regular basis. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000298 - The vCenter Server must separate authentication and authorization for administrators. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000300 - The vCenter Server must remove unauthorized port mirroring sessions on distributed switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000302 - The vCenter Server must reset port configuration when virtual machines are disconnected. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000305 - The vCenter Server must disable accounts used for Integrated Windows Authentication (IWA). | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - access | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - runtime | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-65-000004 - The vCenter Server for Windows must terminate management sessions after 10 minutes of inactivity. | DISA VMware vSphere 6.5 vCenter Server for Windows STIG v2r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
