| 2.2.32 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 4.8 Restrict access to Tomcat catalina.properties | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Set Strong Password Creation Policies | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - PASSLENGTH = 8 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINLOWER = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINNONALPHA = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - NAMECHECK = yes | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 20.32 Ensure 'krbtgt account password' is no more than '180 days old' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| Do not allow drive redirection | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ESXI-70-000001 - Access to the ESXi host must be limited by enabling lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000008 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000030 - The ESXi host must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000031 - The ESXi host must be configured with a sufficiently complex password policy. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000038 - ESXi hosts using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000055 - The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000060 - All port groups on standard switches must be configured to reject guest Media Access Control (MAC) address changes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| Turn on Enhanced Protected Mode | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on Enhanced Protected Mode | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000018 - The vCenter Server must configure all port groups to a value other than that of the native VLAN. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000023 - The vCenter Server must configure the vpxuser auto-password to be changed every 30 days. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000031 - The vCenter Server must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000034 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000039 - The vCenter Server passwords must be at least 15 characters in length. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000042 - The vCenter Server passwords must contain at least one numeric character. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCTR-67-000051 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000057 - The vCenter Server must enable TLS 1.2 exclusively. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000063 - The vCenter Server must restrict access to the cryptographic role. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000067 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000073 - The vCenter Server must minimize access to the vCenter server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000076 - The vCenter Server Administrator role must be secured and assigned to specific users other than a Windows Administrator. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000999 - The version of vCenter running on the system must be a supported version. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| WN12-AC-000013-DC - The Kerberos policy user ticket renewal maximum lifetime must be limited to 7 days or less. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-DC-000050 - The Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000050 - Windows Server 2019 Kerberos policy user ticket renewal maximum lifetime must be limited to seven days or less. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
