Detections
Analytics

Item Search

NameAudit NamePluginCategory
ESXI-65-000999 - The version of ESXi running on the system must be a supported version.DISA STIG VMware vSphere ESXi 6.5 v2r4VMware

CONFIGURATION MANAGEMENT

ESXI-67-000003 - The ESXi host must verify the exception users list for Lockdown Mode.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000016 - The ESXi host SSH daemon must not permit user environment settings.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000019 - The ESXi host SSH daemon must not permit Kerberos authentication.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000021 - The ESXi host SSH daemon must not allow compression or must only allow compression after successful authentication.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000028 - The ESXi host SSH daemon must limit connections to a single session.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000033 - The password hashes stored on the ESXi host must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000058 - The ESXi host must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000062 - The ESXi host must prevent unintended use of the dvFilter network APIs.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000063 - For the ESXi host, all port groups must be configured to a value other than that of the native VLAN.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000072 - The ESXi host must have all security patches and updates installed.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000074 - The ESXi host must exclusively enable TLS 1.2 for all endpoints.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

ESXI-67-000078 - The ESXi host must use DoD-approved certificates.DISA STIG VMware vSphere 6.7 ESXi OS v1r3Unix

CONFIGURATION MANAGEMENT

ESXI-67-000079 - The ESXi host must not suppress warnings that the local or remote shell sessions are enabled.DISA STIG VMware vSphere 6.7 ESXi v1r3VMware

CONFIGURATION MANAGEMENT

KNOX-07-012100 - The Samsung Android 7 with Knox must implement the management setting: Enable CC mode.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

CONFIGURATION MANAGEMENT

KNOX-07-012300 - The Samsung Android 7 with Knox must implement the management setting: Install DoD root and intermediate PKI certificates.AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1MDM

CONFIGURATION MANAGEMENT

PHTN-40-000238 The Photon operating system must generate audit records for all access and modifications to the opasswd file.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-40-000247 The Photon operating system must not allow empty passwords.DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1Unix

CONFIGURATION MANAGEMENT

PHTN-67-000076 - The Photon operating system must set the FAIL_DELAY parameter.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000078 - The Photon operating system must ensure audit events are flushed to disk at proper intervals - flushDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000078 - The Photon operating system must ensure audit events are flushed to disk at proper intervals - freqDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000096 - The Photon operating system must be configured so that the /etc/skel default scripts are protected from unauthorized modification - bash_profileDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000102 - The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000103 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification - cron.hourlyDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000106 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted - net.ipv4.conf.default.accept_redirectsDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000106 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted - net.ipv4.conf.eth0.accept_redirectsDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000109 - The Photon operating system must log IPv4 packets with impossible addresses - net.ipv4.conf.all.log_martiansDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000109 - The Photon operating system must log IPv4 packets with impossible addresses - net.ipv4.conf.default.log_martiansDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000110 - The Photon operating system must use a reverse-path filter for IPv4 network traffic - net.ipv4.conf.default.rp_filterDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv6.conf.default.mc_forwardingDISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

PHTN-67-000112 - The Photon operating system must not perform IPv4 packet forwarding.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

VCSA-70-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

CONFIGURATION MANAGEMENT

VCST-70-000031 - The Security Token Service default servlet must be set to 'readonly'.DISA STIG VMware vSphere 7.0 STS Tomcat v1r2Unix

CONFIGURATION MANAGEMENT

VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000060 - The vCenter Server must enable revocation checking for certificate-based authentication.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000066 - The vCenter Server must have new Key Encryption Keys (KEKs) reissued at regular intervals for vSAN encrypted datastore(s).DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000069 - The vCenter Server must use a limited privilege account when adding an LDAP identity source.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT

VCUI-80-000124 The vCenter UI service must enable 'STRICT_SERVLET_COMPLIANCE'.DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1Unix

CONFIGURATION MANAGEMENT

VCUI-80-000151 The vCenter UI service must disable 'ALLOW_BACKSLASH'.DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1Unix

CONFIGURATION MANAGEMENT

VCUI-80-000152 The vCenter UI service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'.DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1Unix

CONFIGURATION MANAGEMENT

VMCH-67-000004 - Virtual disk shrinking must be disabled on the virtual machine.DISA STIG VMware vSphere 6.7 Virtual Machine v1r3VMware

CONFIGURATION MANAGEMENT

VMCH-67-000006 - Independent, non-persistent disks must be not be used on the virtual machine.DISA STIG VMware vSphere 6.7 Virtual Machine v1r3VMware

CONFIGURATION MANAGEMENT

VMCH-67-000011 - Unauthorized serial devices must be disconnected on the virtual machine.DISA STIG VMware vSphere 6.7 Virtual Machine v1r3VMware

CONFIGURATION MANAGEMENT

VMCH-67-000021 - Use of the virtual machine console must be minimized.DISA STIG VMware vSphere 6.7 Virtual Machine v1r3VMware

CONFIGURATION MANAGEMENT

VMCH-67-000024 - Encryption must be enabled for vMotion on the virtual machine.DISA STIG VMware vSphere 6.7 Virtual Machine v1r3VMware

CONFIGURATION MANAGEMENT