DISA STIG VMware vSphere ESXi OS 6.5 v2r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG VMware vSphere ESXi OS 6.5 v2r3

Updated: 12/6/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 29

File Details

Filename: DISA_STIG_VMware_vSphere_ESXi_6.5_Bare_Metal_Host_v2r3.audit

Size: 44.2 kB

MD5: d507b0350997a9719c5380df723a49f3
SHA256: c21babc651a235456f679acf8c2cd83867ff1228dd7379c55c8fb1feed630a8e

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_ESXi_6.5_Bare_Metal_Host_v2r3.audit from DISA VMware vSphere 6.5 ESXi v2r3 STIG
ESXI-65-000009 - The ESXi host SSH daemon must be configured with the Department of Defense (DoD) login banner.

ACCESS CONTROL

ESXI-65-000010 - The ESXi host SSH daemon must use DoD-approved encryption to protect the confidentiality of remote access sessions.

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-65-000011 - The ESXi host SSH daemon must be configured to use only the SSHv2 protocol.
ESXI-65-000012 - The ESXi host SSH daemon must ignore .rhosts files.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

ESXI-65-000013 - The ESXi host SSH daemon must not allow host-based authentication.

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

ESXI-65-000014 - The ESXi host SSH daemon must not permit root logins.

ACCESS CONTROL

ESXI-65-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.

IDENTIFICATION AND AUTHENTICATION

ESXI-65-000016 - The ESXi host SSH daemon must not permit user environment settings.

CONFIGURATION MANAGEMENT

ESXI-65-000017 - The ESXi host SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-65-000018 - The ESXi host SSH daemon must not permit GSSAPI authentication.

IDENTIFICATION AND AUTHENTICATION

ESXI-65-000019 - The ESXi host SSH daemon must not permit Kerberos authentication.

IDENTIFICATION AND AUTHENTICATION

ESXI-65-000020 - The ESXi host SSH daemon must perform strict mode checking of home directory configuration files.

CONFIGURATION MANAGEMENT

ESXI-65-000021 - The ESXi host SSH daemon must not allow compression or must only allow compression after successful authentication.

CONFIGURATION MANAGEMENT

ESXI-65-000022 - The ESXi host SSH daemon must be configured to not allow gateway ports.

CONFIGURATION MANAGEMENT

ESXI-65-000023 - The ESXi host SSH daemon must be configured to not allow X11 forwarding.

CONFIGURATION MANAGEMENT

ESXI-65-000024 - The ESXi host SSH daemon must not accept environment variables from the client.

CONFIGURATION MANAGEMENT

ESXI-65-000025 - The ESXi host SSH daemon must not permit tunnels.

CONFIGURATION MANAGEMENT

ESXI-65-000026 - The ESXi host SSH daemon must set a timeout count on idle sessions.

ACCESS CONTROL

ESXI-65-000027 - The ESXi hostSSH daemon must set a timeout interval on idle sessions.

ACCESS CONTROL

ESXI-65-000028 - The ESXi host SSH daemon must limit connections to a single session.

ACCESS CONTROL

ESXI-65-000029 - The ESXi host must remove keys from the SSH authorized_keys file.

CONFIGURATION MANAGEMENT

ESXI-65-000032 - The ESXi host must prohibit the reuse of passwords within five iterations.

IDENTIFICATION AND AUTHENTICATION

ESXI-65-000033 - The password hashes stored on the ESXi host must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.

IDENTIFICATION AND AUTHENTICATION

ESXI-65-000044 - The ESXi host must enable kernel core dumps.

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-65-000047 - The ESXi Image Profile and VIB Acceptance Levels must be verified.

CONFIGURATION MANAGEMENT

ESXI-65-000056 - The ESXi host must configure the firewall to restrict access to services running on the host.

CONFIGURATION MANAGEMENT

ESXI-65-000076 - The ESXi host must enable Secure Boot.

SYSTEM AND INFORMATION INTEGRITY

ESXI-65-000078 - The ESXi host must use DoD-approved certificates.

CONFIGURATION MANAGEMENT