| 2.5.2 Ensure Web session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| ESXI-70-000003 - The ESXi host must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000007 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI). | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL |
| ESXI-70-000032 - The ESXi host must prohibit the reuse of passwords within five iterations. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000036 - The ESXi host must disable ESXi Shell unless needed for diagnostics or troubleshooting. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000041 - The ESXi host must set a timeout to automatically disable idle shell sessions after two minutes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000046 - The ESXi host must configure NTP time synchronization. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000058 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000065 - All port groups on standard switches must not be configured to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000072 - The ESXi host must have all security patches and updates installed. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCLD-70-000004 - VAMI must be configured to monitor remote access. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCLD-70-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-70-000010 - VAMI must only load allowed server modules | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - rb | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPG-70-000002 - VMware Postgres log files must contain required fields. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000004 - VMware Postgres must be configured to overwrite older logs when necessary. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000005 - The VMware Postgres database must protect log files from unauthorized access and modification. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000006 - All vCenter database (VCDB) tables must be owned by the 'vc' user account. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPG-70-000009 - VMware Postgres must require authentication on all connections. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-70-000012 - VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCPG-70-000013 - VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPG-70-000014 - VMware Postgres must write log entries to disk prior to returning operation success or failure. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPG-70-000018 - VMware Postgres must be configured to log to 'stderr'. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPG-70-000020 - VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-70-000003 - Envoy must be configured to operate in FIPS mode. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCRP-70-000006 - Envoy must exclusively use the HTTPS protocol for client connections. | DISA STIG VMware vSphere 7.0 RhttpProxy v1r1 | Unix | ACCESS CONTROL |
| VCSA-70-000034 - The vCenter Server must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000057 - vCenter Server plugins must be verified. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000070 - The vCenter Server must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000071 - The vCenter Server passwords must contain at least one uppercase character. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000074 - The vCenter Server passwords must contain at least one special character. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000079 - The vCenter Server must enforce a 60-day maximum password lifetime restriction. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000080 - The vCenter Server must enable revocation checking for certificate-based authentication. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000095 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000123 - The vCenter Server must provide an immediate real-time alert to the system administrator (SA) and information system security officer (ISSO), at a minimum, on every Single Sign-On (SSO) account action. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| VCSA-70-000145 - The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| VCSA-70-000148 - The vCenter Server must be configured to send logs to a central log server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000195 - The vCenter Server Machine Secure Sockets Layer (SSL) certificate must be issued by a DOD certificate authority. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-70-000265 - The vCenter server must disable SNMPv1/2 receivers. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCSA-70-000266 - The vCenter Server must require an administrator to unlock an account locked due to excessive login failures. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| VCSA-70-000269 - The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000270 - The vCenter Server must set the distributed port group Promiscuous Mode policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000275 - The vCenter Server must configure the 'vpxuser' auto-password to be changed every 30 days. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000294 - vCenter Native Key Providers must be backed up with a strong password. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| WA00515 A22 - Automatic directory indexing must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000770 - The WebSphere Application Server wsadmin file must be protected from unauthorized access. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| WBSP-AS-000770 - The WebSphere Application Server wsadmin file must be protected from unauthorized access. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | AUDIT AND ACCOUNTABILITY |
