| ESXI-80-000194 - The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000198 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000201 - The ESXi host lockdown mode exception users list must be verified. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000226 - The ESXi host must configure a session timeout for the vSphere API. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000228 - The ESXi Common Information Model (CIM) service must be disabled. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000232 - The ESXi host must enable audit logging. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000241 - The ESXi host must not use the default Active Directory ESX Admin group. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| PHTN-30-000085 - The Photon operating system must configure sshd to display the last login immediately after authentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000086 - The Photon operating system must configure sshd to ignore user-specific trusted hosts lists. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000093 - The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000094 - The Photon operating system must be configured so that all files have a valid owner and group owner. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000096 - The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000097 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000101 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000112 - The Photon operating system must protect sshd configuration from unauthorized access. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000114 - The Photon operating system must set the 'umask' parameter correctly. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000240 - The Photon operating system must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, generate cryptographic hashes, and protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-30-000245 - The Photon operating system must disable systemd fallback Domain Name System (DNS). | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000012 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on 'Content-Type'. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - py | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000014 - VAMI must have resource mappings set to disable the serving of certain file types. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-70-000021 - VAMI must not be configured to use 'mod_status' - WebDAV servlet installed. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLD-70-000027 - VAMI must be configured to hide the server type and version in client responses - DoS attacks. | DISA STIG VMware vSphere 7.0 VAMI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000002 - Performance Charts must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | ACCESS CONTROL |
| VCPF-70-000010 - Performance Charts must not be configured with unsupported realms. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000014 - Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000016 - Performance Charts must not have any symbolic links in the web content directory tree - out-of-the box state. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000018 - Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-70-000026 - Performance Charts must hide the server version | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000028 - Performance Charts must have the debug option turned off. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000033 - Performance Charts must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPG-70-000020 - VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps. | DISA STIG VMware vSphere 7.0 PostgreSQL v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000145 - The vCenter Server must set the interval for counting failed login attempts to at least 15 minutes. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| VCSA-70-000271 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000277 - The vCenter Server must be isolated from the public internet but must still allow for patch notification and delivery. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000281 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List (HCL) by use of an external proxy server. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000292 - The vCenter server configuration must be backed up on a regular basis. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000057 - vCenter Server plugins must be verified. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCST-70-000003 - The Security Token Service must limit the maximum size of a POST request. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCST-70-000010 - The Security Token Service must not be configured with unused realms. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000020 - The Security Token Service must set 'URIEncoding' to UTF-8. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000030 - The Security Token Service must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-70-000031 - The Security Token Service default servlet must be set to 'readonly'. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000015 - vSphere UI must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000019 - vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000023 - The vSphere UI must not show directory listings. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VMCH-70-000004 - Virtual disk shrinking must be disabled on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000016 - Unauthorized removal, connection, and modification of devices must be prevented on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000027 - Log retention must be configured properly on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
