| 1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OIS.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - POWERPNT.EXE | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 20.1 Ensure 'Accounts require passwords' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.34 Ensure 'Manually managed application account passwords are 14 characters in length' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.65 Ensure 'The system must have the Roles and Features required for it documented' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| ESXI-70-000009 - The ESXi host SSH daemon must be configured with the DOD logon banner. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | ACCESS CONTROL |
| ESXI-70-000078 - The ESXi host must use DOD-approved certificates. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000092 - The ESXi host must not be configured to override virtual machine (VM) configurations. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000093 - The ESXi host must not be configured to override virtual machine (VM) logger settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000004 - The Photon operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000007 - The Photon operating system must have sshd authentication logging enabled. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000010 - The Photon operating system must configure auditd to log to disk. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000012 - The Photon operating system must be configured to audit the execution of privileged functions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000028 - The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000056 - The Photon operating system must configure auditd to keep logging in the event max log file size is reached. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000064 - The Photon operating system must configure sshd to use FIPS 140-2 ciphers. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000066 - The Photon operating system must remove all software components after updated versions have been installed. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000073 - The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000082 - The Photon operating system must configure sshd to disallow Kerberos authentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000095 - The Photon operating system must be configured so the '/etc/cron.allow' file is protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000103 - The Photon operating system must log IPv4 packets with impossible addresses. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000111 - The Photon operating system must protect all boot configuration files from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000117 - The Photon operating system must store only encrypted representations of passwords. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000119 - The Photon operating system must configure sshd to restrict AllowTcpForwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000120 - The Photon operating system must configure sshd to restrict LoginGraceTime. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCEM-67-000010 - ESX Agent Manager must not be configured with unsupported realms. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - firstboot | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000027 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files - stdout | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCWN-06-000002 - The system must not automatically refresh client sessions. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000004 - The system must terminate management sessions after 10 minutes of inactivity. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000005 - The vCenter Server users must have the correct roles assigned. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCWN-06-000010 - The system must limit the use of the built-in SSO administrative account. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000015 - The system must ensure the distributed port group Promiscuous Mode policy is set to reject. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000016 - The system must only send NetFlow traffic to authorized collectors. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000018 - All port groups must be configured to a value other than that of the native VLAN. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000035 - vSphere Client plugins must be verified. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000041 - Passwords must contain at least one lowercase character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000042 - Passwords must contain at least one numeric character. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCWN-06-000049 - The system must alert administrators on permission deletion operations. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-06-000050 - The system must alert administrators on permission update operations. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| VCWN-06-000053 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000001 - Copy operations must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000003 - Paste operations must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000012 - Unauthorized USB devices must be disconnected on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000016 - Unauthorized removal, connection, and modification of devices must be prevented on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
