DISA_STIG_VMware_vSphere_7.0_VAMI_v1r2.audit from DISA VMware vSphere 7.0 VAMI v1r2 STIG
VCLD-70-000001 - VAMI must limit the number of simultaneous requests. | ACCESS CONTROL |
VCLD-70-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000003 - VAMI must use cryptography to protect the integrity of remote sessions. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000004 - VAMI must be configured to monitor remote access. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
VCLD-70-000005 - VAMI must generate log records for system startup and shutdown. | AUDIT AND ACCOUNTABILITY |
VCLD-70-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
VCLD-70-000007 - VAMI log files must only be accessible by privileged users. | AUDIT AND ACCOUNTABILITY |
VCLD-70-000008 - The rsyslog must be configured to monitor VAMI logs. | AUDIT AND ACCOUNTABILITY |
VCLD-70-000009 - VAMI server binaries and libraries must be verified for their integrity. | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000010 - VAMI must only load allowed server modules | CONFIGURATION MANAGEMENT |
VCLD-70-000011 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled | CONFIGURATION MANAGEMENT |
VCLD-70-000012 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on 'Content-Type'. | CONFIGURATION MANAGEMENT |
VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - cgi | CONFIGURATION MANAGEMENT |
VCLD-70-000013 - VAMI must remove all mappings to unused scripts. - py | CONFIGURATION MANAGEMENT |
VCLD-70-000014 - VAMI must have resource mappings set to disable the serving of certain file types. | CONFIGURATION MANAGEMENT |
VCLD-70-000015 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed. | CONFIGURATION MANAGEMENT |
VCLD-70-000016 - VAMI must prevent hosted applications from exhausting system resources | CONFIGURATION MANAGEMENT |
VCLD-70-000017 - VAMI must protect the keystore from unauthorized access - MIME that invoke OS shell programs disabled. | IDENTIFICATION AND AUTHENTICATION |
VCLD-70-000018 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks - Content-Type. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - cgi | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - erb | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - pl | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - py | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000019 - VAMI must set the encoding for all text Multipurpose Internet Mail Extensions (MIME) types to UTF-8 - rb | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000020 - VAMI must disable directory browsing. | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000021 - VAMI must not be configured to use 'mod_status' - WebDAV servlet installed. | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000022 - VAMI must have debug logging disabled. | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000023 - VAMI must be protected from being stopped by a nonprivileged user. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000024 - VAMI must implement Transport Layer Security (TLS) 1.2 exclusively. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCLD-70-000025 - VAMI must force clients to select the most secure cipher. | CONFIGURATION MANAGEMENT |
VCLD-70-000026 - VAMI must disable client-initiated Transport Layer Security (TLS) renegotiation. | CONFIGURATION MANAGEMENT |
VCLD-70-000027 - VAMI must be configured to hide the server type and version in client responses - DoS attacks. | SYSTEM AND INFORMATION INTEGRITY |
VCLD-70-000056 - VAMI must enable FIPS mode. | IDENTIFICATION AND AUTHENTICATION |