| AIOS-15-012900 - Apple iOS/iPadOS 15 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013100 - Apple iOS/iPadOS 15 must disable Find My Friends in the Find My app. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013300 - Apple iOS/iPadOS 15 must disable 'Allow USB drive access in Files app' if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices - Allow USB drive access in Files app if the Authorizing Official (AO) has not approved the use of DoD-approved USB storage drives with iOS/iPadOS devices. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-014300 - Apple iOS/iPadOS 15 must disable 'Allow network drive access in Files access' - Allow network drive access in Files access. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| ESXI-70-000009 - The ESXi host SSH daemon must be configured with the DOD logon banner. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | ACCESS CONTROL |
| ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | ACCESS CONTROL |
| ESXI-70-000016 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000025 - The ESXi host Secure Shell (SSH) daemon must not permit tunnels. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000027 - The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000039 - Active Directory ESX Admin group membership must not be used when adding ESXi hosts to Active Directory. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000043 - The ESXi host must log out of the console UI after two minutes. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000046 - The ESXi host must configure NTP time synchronization. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000054 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000074 - The ESXi host must exclusively enable Transport Layer Security (TLS) 1.2 for all endpoints. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000083 - The ESXi host OpenSLP service must be disabled. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000086 - The ESXi host must verify certificates for SSL syslog endpoints. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | ACCESS CONTROL |
| PHTN-30-000003 - The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting Secure Shell (SSH) access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000004 - The Photon operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000005 - The Photon operating system must set a session inactivity timeout of 15 minutes or less. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL, MAINTENANCE |
| PHTN-30-000017 - The Photon operating system audit log must be owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000022 - The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000041 - The Photon operating system messages file must have the correct ownership and file permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000045 - The Photon operating system must audit all account removal actions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000048 - The Photon operating system must protect audit tools from unauthorized modification and deletion. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000054 - The Photon operating system must audit the execution of privileged functions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| PHTN-30-000061 - The Photon operating system YUM repository must cryptographically verify the authenticity of all software packages during installation. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000069 - The Photon operating system must audit the 'insmod' module - insmod module | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000072 - The Photon operating system must set the 'FAIL_DELAY' parameter. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000080 - The Photon operating system must configure sshd to disable X11 forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000087 - The Photon operating system must configure sshd to ignore user-specific 'known_host' files. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000102 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000105 - The Photon operating system must not perform multicast packet forwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000111 - The Photon operating system must protect all boot configuration files from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000115 - The Photon operating system must configure sshd to disallow HostbasedAuthentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000119 - The Photon operating system must configure sshd to restrict AllowTcpForwarding. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-67-000007 - ESX Agent Manager log files must only be modifiable by privileged users. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000017 - ESX Agent Manager directory tree must have permissions in an 'out-of-the box' state - out-of-the box state. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000020 - ESX Agent Manager must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mapping | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000025 - ESX Agent Manager must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000028 - ESX Agent Manager must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VMCH-70-000001 - Copy operations must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000008 - Unauthorized floppy devices must be disconnected on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000009 - Unauthorized CD/DVD devices must be disconnected on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000015 - Informational messages from the virtual machine to the VMX file must be limited on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000029 - Encryption must be enabled for Fault Tolerance on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
