| ESXI-67-000008 - The ESXi host must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | ACCESS CONTROL |
| ESXI-67-000029 - The ESXi host must remove keys from the SSH authorized_keys file. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-67-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000056 - The ESXi host must configure the firewall to restrict access to services running on the host. | DISA STIG VMware vSphere 6.7 ESXi OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-67-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| PHTN-67-000017 - The Photon operating system audit log must be group-owned by root. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000020 - The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur - 32 | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000036 - The Photon operating system must disable new accounts immediately upon password expiration. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PHTN-67-000049 - The Photon operating system audit files and directories must have correct permissions. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000057 - The Photon operating system must configure auditd to keep five rotated log files. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000074 - The Photon operating system auditd service must generate audit records for all account creations, modifications, disabling, and termination events. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000075 - The Photon operating system must use the pam_cracklib module. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000094 - The Photon operating system must configure sshd to limit the number of allowed login attempts per connection. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000095 - The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line - inactive | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000100 - The Photon operating system must be configured so that all files have a valid owner and group owner. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv4.conf.all.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv6.conf.all.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000104 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets - net.ipv6.conf.eth0.accept_source_route | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000107 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted - net.ipv4.conf.eth0.secure_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000108 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects - net.ipv4.conf.default.send_redirects | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000111 - The Photon operating system must not perform multicast packet forwarding - net.ipv6.conf.all.mc_forwarding | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000113 - The Photon operating system must send TCP timestamps. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000114 - The Photon OS must not have the xinetd service enabled. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000116 - The Photon operating system must be configured to protect the SSH private host key from unauthorized access. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-67-000122 - The Photon operating system must set the UMASK parameter correctly. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| SYMP-NM-000040 - Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI). | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | ACCESS CONTROL |
| SYMP-NM-000120 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized modification. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| SYMP-NM-000130 - Symantec ProxySG must protect the Web Management Console, SSH, and command line interface (CLI) from unauthorized access. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | AUDIT AND ACCOUNTABILITY |
| VCEM-67-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000020 - ESX Agent Manager must set 'URIEncoding' to UTF-8 - URIEncoding to UTF-8. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000025 - ESX Agent Manager must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-67-000030 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_setenv | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - erb | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000019 - VAMI must remove all mappings to unused scripts - py | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000015 - Performance Charts must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-67-000017 - Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000021 - Performance Charts must set the welcome-file node to a default web page. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000024 - Performance Charts must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-67-000026 - Performance Charts must properly configure log sizes and rotation - MaxFileSize | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCRP-67-000001 - The rhttpproxy must drop connections to disconnected clients. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| VCST-67-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCST-67-000013 - The Security Token Service must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCST-67-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter - filter-mapping | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-67-000030 - The Security Token Service must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000006 - vSphere UI must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000023 - vSphere UI must be configured to show error pages with minimal information. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000024 - vSphere UI must not enable support for TRACE requests. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000029 - vSphere UI must disable the shutdown port - vsphere-ui.json | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
