| 1.1.1.1 Configure AAA Authentication - TACACS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2 (L1) Host hardware must enable UEFI Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND SERVICES ACQUISITION |
| 1.2.2 Configure IP Blocking on Failed Logins | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.3 (L1) Host hardware must enable Intel TXT, if available | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.3.2 Post-authentication Banner | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4 (L1) Host hardware must enable and configure a TPM 2.0 | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5.4 Configure Logging Timestamps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.6 (L1) Host integrated hardware management controller must enable time synchronization | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6.2 Configure a Time Zone | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.6.3 If a Local Time Zone is used, Configure Daylight Savings | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.9.1 Configure SNMPv3 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.9.2 Configure SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Configure Control Plane Policing | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.2 (L1) Host must have all software updates installed | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.3 (L1) Host must enable Secure Boot enforcement | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 2.7 (L1) Host must have time synchronization services enabled and running | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.1.1.2 Configure EIGRP Passive interfaces for interfaces that do not have peers | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.2.1 Configure BGP to Log Neighbor Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.4.4 Configure HSRP protections | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 (L1) Host must deactivate the ESXi Managed Object Browser (MOB) | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 (L1) Host must automatically terminate idle DCUI sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.8 (L1) Host must automatically terminate idle shells | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.10 (L1) Host must not suppress warnings that the shell is enabled | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 3.12 (L1) Host must lock an account after a specified number of failed login attempts | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.13 (L1) Host must unlock accounts after a specified timeout period | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.14 (L1) Host must configure the password history setting to restrict the reuse of passwords | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 3.16 (L1) Host must configure a session timeout for the API | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.19 (L1) Host must have an accurate Exception Users list | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Configure Local Configuration Backup Schedule | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONTINGENCY PLANNING |
| 4.2 Configure a Remote Backup Schedule | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONTINGENCY PLANNING |
| 4.5 Ensure Encryption of Data at Rest | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 (L1) Host must enable audit record logging | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.8 (L1) Host must store one week of audit records | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 5.1 (L1) Host firewall must only allow traffic from authorized networks | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.6 (L1) Host should reject forged transmits on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 (L1) Host CIM services, if enabled, must limit access | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.2 (L1) Host must ensure all datastores have unique names | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4.1 (L1) Host SNMP services, if enabled, must limit access | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.10 (L1) Virtual machines must remove unnecessary audio devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.14 (L1) Virtual machines must remove unnecessary parallel port devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.26 (L1) Virtual machines must limit the number of retained diagnostic logs | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
