| ESXI5-VM-000002 - The system must disable tools auto install. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000003 - The system must explicitly disable copy operations. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000004 - The system must explicitly disable drag and drop operations. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000005 - The system must explicitly disable any GUI functionality for copy/paste operations. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000006 - The system must explicitly disable paste operations. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000014 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000015 - The unexposed feature keyword isolation.bios.bbs.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000016 - The unexposed feature keyword isolation.tools.getCreds.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000017 - The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000018 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000020 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000021 - The unexposed feature keyword isolation.tools.dispTopoRequest.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000022 - The unexposed feature keyword isolation.tools.trashFolderState.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000023 - The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000024 - The unexposed feature keyword isolation.tools.unity.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000025 - The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000027 - The unexposed feature keyword isolation.tools.unity.taskbar.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000028 - The unexposed feature keyword isolation.tools.unityActive.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000029 - The unexposed feature keyword isolation.tools.unity.windowContents.disable must be initialized to decrease the VMs potential attack vectors. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000033 - The system must disable VIX messages from the VM. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000043 - The system must limit informational messages from the VM to the VMX file. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000050 - The system must use templates to deploy VMs whenever possible. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000051 - The system must control access to VMs through the dvfilter network APIs. | DISA STIG VMWare ESXi 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000001 - All dvPortgroup VLAN IDs must be fully documented. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000002 - All dvSwitch Private VLAN IDs must be fully documented. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000003 - All virtual switches must have a clear network label. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000004 - Virtual switch VLANs must be fully documented and have only the required VLANs. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000005 - All vSwitch and VLAN IDs must be fully documented - 'vSwitch labels' | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000006 - All IP-based storage traffic must be isolated to a management-only network using a dedicated, physical network adaptor. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000007 - Only authorized administrators must have access to virtual networking components. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000008 - All physical switch ports must be configured with spanning tree disabled. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000009 - All port groups must be configured with a clear network label. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000020 - The system must ensure there are no unused ports on a distributed virtual port group. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000025 - Spanning tree protocol must be enabled and BPDU guard and Portfast must be disabled on the upstream physical switch port for virtual machines that route or bridge traffic. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000026 - The system must disable the autoexpand option for VDS dvPortgroups. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000036 - All IP-based storage traffic must be isolated to a management-only network using a dedicated, management-only vSwitch. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000046 - All IP-based storage traffic must be isolated using a vSwitch containing management-only port groups. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN000380-ESXI5-000043 - The GID assigned to a user must exist. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN001375-ESXI5-000086 - For systems using DNS resolution, at least two name servers must be configured. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN001440 - All interactive users must be assigned a home directory in the /etc/passwd file. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN002260 - The system must be checked for extraneous device files at least weekly. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN002260-ESXI5-000047 - The system must be checked for extraneous device files at least weekly. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN003623 - The system must use a separate file system for the system audit data path. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN005517-ESXI5-000101 - The SSH daemon must be configured to not allow gateway ports. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN005518-ESXI5-704 - The SSH client must be configured to not allow gateway ports. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN005770 - The Network File System (NFS) exports configuration file must not have an extended ACL. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008460-ESXI5-000121 - The system must have USB disabled unless needed. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| GEN008480-ESXI5-000122 - The system must have USB Mass Storage disabled unless needed. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| PANW-NM-000097 - The Palo Alto Networks security platform must have alarms enabled. | DISA STIG Palo Alto NDM v3r3 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| SPLK-CL-000250 - Splunk Enterprise must be configured to aggregate log records from organization-defined devices and hosts within its scope of coverage. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | AUDIT AND ACCOUNTABILITY |
