| ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | ACCESS CONTROL |
| ESXI-70-000013 - The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000015 - The ESXi host Secure Shell (SSH) daemon must not allow authentication using an empty password. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000016 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000021 - The ESXi host Secure Shell (SSH) daemon must not allow compression or must only allow compression after successful authentication. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000023 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow X11 forwarding. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | ACCESS CONTROL |
| ESXI-70-000094 - The ESXi host must require TPM-based configuration encryption. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000095 - The ESXi host must implement Secure Boot enforcement. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000003 - The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting Secure Shell (SSH) access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000006 - The Photon operating system must have the sshd SyslogFacility set to 'authpriv' - authpriv. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000015 - The Photon operating system audit log must attempt to log audit failures to syslog. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000017 - The Photon operating system audit log must be owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000022 - The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000026 - The Photon operating system must use an OpenSSH server version that does not support protocol 1. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000027 - The Photon operating system must be configured so that passwords for new users are restricted to a 24-hour minimum lifetime. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000062 - The Photon operating system must require users to reauthenticate for privilege escalation. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000069 - The Photon operating system must audit the 'insmod' module - insmod module | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000072 - The Photon operating system must set the 'FAIL_DELAY' parameter. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000075 - The Photon operating system must create a home directory for all new local interactive user accounts. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000080 - The Photon operating system must configure sshd to disable X11 forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000084 - The Photon operating system must configure sshd to disallow compression of the encrypted session stream. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000089 - The Photon operating system must be configured so the x86 Ctrl-Alt-Delete key sequence is disabled on the command line. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000092 - The Photon operating system must be configured so that all global initialization scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000093 - The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000097 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000101 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000102 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000105 - The Photon operating system must not perform multicast packet forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000112 - The Photon operating system must protect sshd configuration from unauthorized access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000114 - The Photon operating system must set the 'umask' parameter correctly. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000118 - The Photon operating system must ensure the old passwords are being stored. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| VCEM-67-000008 - ESX Agent Manager application files must be verified for their integrity. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCEM-67-000009 - ESX Agent Manager must only run one webapp. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000020 - ESX Agent Manager must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000025 - ESX Agent Manager must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - catalina | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000030 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000001 - The system must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000009 - The system must use Active Directory authentication. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000017 - The system must not override port group settings at the port level on distributed switches. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000024 - The system must ensure the vpxuser password meets length policy. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000025 - The system must disable the managed object browser at all times, when not required for troubleshooting or maintenance. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000027 - The system must minimize access to the vCenter server. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000032 - A least-privileges assignment must be used for the Update Manager database user. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000034 - The system must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000036 - The system must produce audit records containing information to establish what type of events occurred. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-06-000039 - Passwords must be at least 15 characters in length. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VMCH-70-000002 - Drag and drop operations must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
