| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000003 - The ESXi host must verify the exception users list for lockdown mode. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000006 - The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | ACCESS CONTROL |
| ESXI-70-000042 - The ESXi host must terminate shell services after 10 minutes. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000045 - The ESXi host must enable a persistent log location for all locally stored logs. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-70-000063 - All port groups on standard switches must be configured to a value other than that of the native virtual local area network (VLAN). | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000065 - All port groups on standard switches must not be configured to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000084 - The ESXi host must enable audit logging. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000087 - The ESXi host must enable volatile key destruction. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000094 - The ESXi host must require TPM-based configuration encryption. | DISA VMware vSphere 7.0 ESXi STIG v1r4 Unix | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000097 - The ESXi Common Information Model (CIM) service must be disabled. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | CONFIGURATION MANAGEMENT |
| PHTN-30-000033 - The Photon operating system must not have duplicate User IDs (UIDs). | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-30-000056 - The Photon operating system must configure auditd to keep logging in the event max log file size is reached. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000065 - The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-30-000073 - The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000079 - The Photon operating system must configure sshd to disable environment processing. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000081 - The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000006 - ESX Agent Manager must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-70-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000013 - ESX Agent Manager must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000015 - ESX Agent Manager must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mapping | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000023 - ESX Agent Manager must not show directory listings. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000033 - ESX Agent Manager default servlet must be set to 'readonly'. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000014 - Lookup Service must not have the Web Distributed Authoring (WebDAV) servlet installed - WebDAV servlet installed. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000018 - Lookup Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000023 - Lookup Service must be configured to hide the server version. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000024 - Lookup Service must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000025 - Lookup Service must not enable support for TRACE requests. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000013 - The vCenter Server must set the distributed port group Forged Transmits policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000015 - The vCenter Server must set the distributed port group Promiscuous Mode policy to reject. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000016 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000024 - The vCenter Server must configure the vpxuser password meets length policy. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000035 - vCenter Server plugins must be verified. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000047 - The vCenter Server must require an administrator to unlock an account locked due to excessive login failures. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | ACCESS CONTROL |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000058 - The vCenter Server Machine SSL certificate must be issued by a DoD certificate authority. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000064 - The vCenter Server must restrict access to cryptographic permissions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000068 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an SSO identity source. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000072 - The vCenter Server services must be ran using a service account instead of a built-in Windows account. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000075 - The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000078 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000005 - Virtual disk erasure must be disabled on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000013 - Console connection sharing must be limited on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000016 - Unauthorized removal, connection and modification of devices must be prevented on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000022 - The virtual machine guest operating system must be locked when the last console connection is closed. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000024 - Encryption must be enabled for vMotion on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
