| EPAS-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000009 - The ESXi host SSH daemon must be configured with the DoD logon banner - DoD login banner. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | ACCESS CONTROL |
| ESXI-67-000068 - All ESXi host-connected virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000076 - The ESXi host must enable Secure Boot. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| FGFW-ND-000075 - The FortiGate device must generate audit records when successful/unsuccessful logon attempts occur | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000080 - The FortiGate device must generate audit records for privileged activities or other system-level access | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000095 - The FortiGate device must generate audit records containing information that establishes the identity of any individual or process associated with the event. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | AUDIT AND ACCOUNTABILITY |
| FGFW-ND-000270 - The FortiGate device must terminate idle sessions after 10 minutes of inactivity. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | MAINTENANCE |
| FNFG-FW-000065 - The FortiGate firewall must disable or remove unnecessary network services and functions that are not used as part of its role in the architecture. | DISA Fortigate Firewall STIG v1r3 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - fail-open | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000145 - The FortiGate firewall must be configured to restrict it from accepting outbound packets that contain an illegitimate address in the source address field via an egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Fortigate Firewall STIG v1r3 | FortiGate | CONFIGURATION MANAGEMENT |
| PHTN-67-000014 - The Photon operating system audit log must attempt to log audit failures to syslog - disk_full_action | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur - uid 64 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000038 - The Photon operating system must configure sshd to disconnect idle SSH sessions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-67-000054 - The Photon operating system must set an inactivity timeout value for non-interactive sessions - readonly | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | ACCESS CONTROL |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - faillog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000072 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur - tallylog | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000087 - The Photon operating system must configure sshd to disallow Kerberos authentication. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000088 - The Photon operating system must configure sshd to use privilege separation. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000103 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification - cron.monthly | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv4.conf.eth0.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000105 - The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000107 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted - net.ipv4.conf.all.secure_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000107 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted - net.ipv4.conf.default.secure_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000108 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects - net.ipv4.conf.all.send_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000108 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects - net.ipv4.conf.eth0.send_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000109 - The Photon operating system must log IPv4 packets with impossible addresses - net.ipv4.conf.eth0.log_martians | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000110 - The Photon operating system must use a reverse-path filter for IPv4 network traffic - net.ipv4.conf.all.rp_filter | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000110 - The Photon operating system must use a reverse-path filter for IPv4 network traffic - net.ipv4.conf.eth0.rp_filter | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000118 - The Photon operating system must protect all boot configuration files from unauthorized access. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000119 - The Photon operating system must protect sshd configuration from unauthorized access. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010063 - The Red Hat Enterprise Linux operating system must disable the login screen user list for graphical user interfaces. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-010339 - The Red Hat Enterprise Linux operating system must specify the default 'include' directory for the /etc/sudoers file - include directory for the /etc/sudoers file. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-07-020029 - The Red Hat Enterprise Linux operating system must use a file integrity tool to verify correct operation of all security functions. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000002 - ESX Agent Manager must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL |
| VCEM-67-000016 - ESX Agent Manager must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000022 - ESX Agent Manager must set the welcome-file node to a default web page. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000001 - Performance Charts must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCPF-67-000011 - Performance Charts must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000023 - Performance Charts must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000029 - Performance Charts must disable the shutdown port. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000003 - The Security Token Service must limit the maximum size of a POST request. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - prefix | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCST-67-000016 - The Security Token Service must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCST-67-000020 - The Security Token Service must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-67-000025 - The Security Token Service must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000011 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000017 - vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
