| 4.4.10 Ensure 'trustedHeaderOrigin' is set to trusted host names and IP addresses | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.1 Ensure ServerTokens is Set to 'Prod' or 'ProductOnly' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| ESXI-70-000012 - The ESXi host Secure Shell (SSH) daemon must ignore '.rhosts' files - .rhosts files. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ESXI-70-000020 - The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000027 - The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000047 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance levels must be verified. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000056 - The ESXi host must configure the firewall to restrict access to services running on the host. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000084 - The ESXi host must enable audit logging. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| JBOS-AS-000010 - HTTP management session traffic must be encrypted. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| JUEX-L2-000010 - The Juniper EX switch must be configured to disable non-essential capabilities. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| PHTN-30-000008 - The Photon operating system must have the sshd LogLevel set to 'INFO' - INFO. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000013 - The Photon operating system must have the auditd service running. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000016 - The Photon operating system audit log must have correct permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000018 - The Photon operating system audit log must be group-owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY, MAINTENANCE |
| PHTN-30-000032 - The Photon operating system must disable the loading of unnecessary kernel modules. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000035 - The Photon operating system must disable new accounts immediately upon password expiration. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000038 - The Photon operating system must configure sshd to disconnect idle Secure Shell (SSH) sessions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000040 - The Photon operating system '/var/log' directory must be owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000041 - The Photon operating system messages file must have the correct ownership and file permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000044 - The Photon operating system must audit all account disabling actions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL |
| PHTN-30-000047 - The Photon operating system audit files and directories must have correct permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000050 - The Photon operating system must enforce password complexity by requiring that at least one special character be used. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000051 - The Photon operating system package files must not be modified. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000054 - The Photon operating system must audit the execution of privileged functions. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| PHTN-30-000065 - The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000006 - ESX Agent Manager must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-70-000011 - ESX Agent Manager must be configured to limit access to internal packages. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000020 - ESX Agent Manager must set URIEncoding to UTF-8 - URIEncoding to UTF-8. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000029 - Rsyslog must be configured to monitor and ship ESX Agent Manager log files. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_access | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_proxy | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000002 - Lookup Service must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL |
| VCLU-70-000004 - Lookup Service must protect cookies from cross-site scripting (XSS) - XSS. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000005 - Lookup Service must record user access in a format that enables monitoring of remote access. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCPF-70-000006 - Performance Charts must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCPF-70-000008 - Performance Charts application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCSA-80-000059 - The vCenter Server must uniquely identify and authenticate users or processes acting on behalf of users. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| VCST-70-000003 - The Security Token Service must limit the maximum size of a POST request. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCST-70-000004 - The Security Token Service must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000004 - vSphere UI must protect cookies from cross-site scripting (XSS). | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000008 - vSphere UI application files must be verified for their integrity. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000010 - vSphere UI must not be configured with the 'UserDatabaseRealm' enabled. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000015 - vSphere UI must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000020 - vSphere UI must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000033 - The vSphere UI default servlet must be set to 'readonly'. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-65-000021 - The vCenter Server for Windows must enable SSL for Network File Copy (NFC). | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000024 - The vCenter Server for Windows must configure the vpxuser password meets length policy. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
