| ESXI5-VM-000001 - The system must control virtual machine access to host resources - 'Memory limit' | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000001 - The system must control virtual machine access to host resources - 'Memory reservation' | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000001 - The system must control virtual machine access to host resources - 'Memory share' | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000002 - The system must disable tools auto install. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000003 - The system must explicitly disable copy operations. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000004 - The system must explicitly disable drag and drop operations. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000005 - The system must explicitly disable any GUI functionality for copy/paste operations. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000006 - The system must explicitly disable paste operations. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000007 - The system must disable virtual disk shrinking. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000008 - The system must disable virtual disk erasure. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000009 - The system must disable HGFS file transfers. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000010 - The system must not use independent, non-persistent disks. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000011 - The system must disable VM-to-VM communication through VMCI. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000012 - The system must disable VM logging, unless required. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000013 - The system must disable VM Monitor Control during normal operation. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000014 - The unexposed feature keyword isolation.tools.ghi.autologon.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000015 - The unexposed feature keyword isolation.bios.bbs.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000016 - The unexposed feature keyword isolation.tools.getCreds.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000017 - The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000018 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000019 - The unexposed feature keyword isolation.tools.ghi.protocolhandler.info.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000020 - The unexposed feature keyword isolation.ghi.host.shellAction.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000021 - The unexposed feature keyword isolation.tools.dispTopoRequest.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000022 - The unexposed feature keyword isolation.tools.trashFolderState.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000023 - The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000024 - The unexposed feature keyword isolation.tools.unity.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000025 - The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000026 - The unexposed feature keyword isolation.tools.unity.push.update.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000027 - The unexposed feature keyword isolation.tools.unity.taskbar.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000028 - The unexposed feature keyword isolation.tools.unityActive.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000029 - The unexposed feature keyword isolation.tools.unity.windowContents.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000030 - The unexposed feature keyword isolation.tools.vmxDnDVersionGet.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000031 - The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be initialized to decrease the VMs potential attack vectors. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000033 - The system must disable VIX messages from the VM. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000034 - The system must disconnect unauthorized floppy devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000035 - The system must disconnect unauthorized IDE devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000036 - The system must disconnect unauthorized parallel devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000037 - The system must disconnect unauthorized serial devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000038 - The system must disconnect unauthorized USB devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000039 - The system must limit sharing of console connections. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000041 - The system must limit VM logging records. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000042 - The system must limit VM logging record contents. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000043 - The system must limit informational messages from the VM to the VMX file. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000044 - The system must minimize use of the VM console. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000045 - The system must prevent unauthorized removal, connection and modification of devices by setting the isolation.device.connectable.disable keyword to true. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000046 - The system must prevent unauthorized removal, connection and modification of devices. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000047 - The system must not send host information to guests. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000049 - The system must use secure protocols for virtual serial port access. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000050 - The system must use templates to deploy VMs whenever possible. | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000051 - The system must control access to VMs through the dvfilter network APIs. | CONFIGURATION MANAGEMENT |
