| ESXI-70-000022 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000026 - The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000082 - The ESXi host Secure Shell (SSH) daemon must disable port forwarding. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000274 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000002 - The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-30-000011 - The Photon operating system must configure auditd to use the correct log format. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000019 - The Photon operating system must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000024 - The Photon operating system must require that new passwords are at least four characters different from the old password. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000029 - The Photon operating system must prohibit password reuse for a minimum of five generations. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000030 - The Photon operating system must enforce a minimum eight-character password length. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000046 - The Photon operating system must initiate auditing as part of the boot process. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000057 - The Photon operating system must configure auditd to log space limit problems to syslog. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000059 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000060 - The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000068 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000071 - The Photon operating system must use the 'pam_cracklib' module. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000076 - The Photon operating system must disable the debug-shell service. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000083 - The Photon operating system must configure sshd to disallow authentication with an empty password. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000087 - The Photon operating system must configure sshd to ignore user-specific 'known_host' files. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000088 - The Photon operating system must configure sshd to limit the number of allowed login attempts per connection. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000096 - The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000100 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000104 - The Photon operating system must use a reverse-path filter for IPv4 network traffic. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000106 - The Photon operating system must not perform IPv4 packet forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000107 - The Photon operating system must send Transmission Control Protocol (TCP) timestamps. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000109 - The Photon operating system must be configured to protect the Secure Shell ( SSH) private host key from unauthorized access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000110 - The Photon operating system must enforce password complexity on the root account. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000115 - The Photon operating system must configure sshd to disallow HostbasedAuthentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000005 - ESX Agent Manager must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCEM-70-000008 - ESX Agent Manager application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000010 - Lookup Service must not be configured with the 'UserDatabaseRealm' enabled. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000015 - Performance Charts must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000021 - Performance Charts must use the 'setCharacterEncodingFilter' filter. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000027 - Performance Charts must not enable support for TRACE requests | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000002 - The Security Token Service must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCST-70-000008 - The Security Token Service application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCST-70-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000020 - The Security Token Service must set 'URIEncoding' to UTF-8. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter-mapping | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000028 - The Security Token Service must be configured with the appropriate ports. - ssl-clientauth.https | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000031 - The Security Token Service default servlet must be set to 'readonly'. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000012 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000021 - vSphere UI must set URIEncoding to UTF-8. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000030 - vSphere UI must be configured with the appropriate ports. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VMCH-70-000015 - Informational messages from the virtual machine to the VMX file must be limited on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000026 - Log size must be configured properly on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
