VCWN-06-000001 - The system must prohibit password reuse for a minimum of five generations. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000002 - The system must not automatically refresh client sessions. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCWN-06-000003 - The system must enforce a 60-day maximum password lifetime restriction. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000004 - The system must terminate management sessions after 10 minutes of inactivity. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCWN-06-000005 - The vCenter Server users must have the correct roles assigned. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCWN-06-000007 - The system must limit the effects of information-flooding types of Denial of Service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
VCWN-06-000008 - The system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events. | AUDIT AND ACCOUNTABILITY |
VCWN-06-000009 - The system must use Active Directory authentication. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000010 - The system must limit the use of the built-in SSO administrative account. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000012 - The system must disable the distributed virtual switch health check. | CONFIGURATION MANAGEMENT |
VCWN-06-000013 - The distributed port group Forged Transmits policy must be set to reject. | CONFIGURATION MANAGEMENT |
VCWN-06-000014 - The system must ensure the distributed port group MAC Address Change policy is set to reject. | CONFIGURATION MANAGEMENT |
VCWN-06-000015 - The system must ensure the distributed port group Promiscuous Mode policy is set to reject. | CONFIGURATION MANAGEMENT |
VCWN-06-000016 - The system must only send NetFlow traffic to authorized collectors. | CONFIGURATION MANAGEMENT |
VCWN-06-000017 - The system must not override port group settings at the port level on distributed switches. | CONFIGURATION MANAGEMENT |
VCWN-06-000018 - All port groups must be configured to a value other than that of the native VLAN. | CONFIGURATION MANAGEMENT |
VCWN-06-000019 - All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required. | CONFIGURATION MANAGEMENT |
VCWN-06-000020 - All port groups must not be configured to VLAN values reserved by upstream physical switches. | CONFIGURATION MANAGEMENT |
VCWN-06-000021 - The system must enable SSL for Network File Copy (NFC). | CONFIGURATION MANAGEMENT |
VCWN-06-000022 - The vCenter Server services must be run using a service account instead of a built-in Windows account. | CONFIGURATION MANAGEMENT |
VCWN-06-000023 - The system must ensure the vpxuser auto-password change meets policy. | CONFIGURATION MANAGEMENT |
VCWN-06-000024 - The system must ensure the vpxuser password meets length policy. | CONFIGURATION MANAGEMENT |
VCWN-06-000025 - The system must disable the managed object browser at all times, when not required for troubleshooting or maintenance. | CONFIGURATION MANAGEMENT |
VCWN-06-000026 - Privilege re-assignment must be checked after the vCenter Server restarts. | CONFIGURATION MANAGEMENT |
VCWN-06-000027 - The system must minimize access to the vCenter server. | CONFIGURATION MANAGEMENT |
VCWN-06-000028 - Log files must be cleaned up after failed installations of the vCenter Server. | CONFIGURATION MANAGEMENT |
VCWN-06-000029 - The system must enable all tasks to be shown to Administrators in the Web Client. | CONFIGURATION MANAGEMENT |
VCWN-06-000030 - The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator. | CONFIGURATION MANAGEMENT |
VCWN-06-000031 - Connectivity between Update Manager and public patch repos must be restricted by use of a separate Update Manager Download Server. | CONFIGURATION MANAGEMENT |
VCWN-06-000032 - A least-privileges assignment must be used for the Update Manager database user. | CONFIGURATION MANAGEMENT |
VCWN-06-000033 - A least-privileges assignment must be used for the vCenter Server database user. | CONFIGURATION MANAGEMENT |
VCWN-06-000034 - The system must use unique service accounts when applications connect to vCenter. | CONFIGURATION MANAGEMENT |
VCWN-06-000035 - vSphere Client plugins must be verified. | CONFIGURATION MANAGEMENT |
VCWN-06-000036 - The system must produce audit records containing information to establish what type of events occurred. | SYSTEM AND INFORMATION INTEGRITY |
VCWN-06-000039 - Passwords must be at least 15 characters in length. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000040 - Passwords must contain at least one uppercase character. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000041 - Passwords must contain at least one lowercase character. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000042 - Passwords must contain at least one numeric character. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000043 - Passwords must contain at least one special character. | IDENTIFICATION AND AUTHENTICATION |
VCWN-06-000045 - The system must limit the maximum number of failed login attempts to three. | ACCESS CONTROL |
VCWN-06-000046 - The system must set the interval for counting failed login attempts to at least 15 minutes. | ACCESS CONTROL |
VCWN-06-000047 - The system must require an administrator to unlock an account locked due to excessive login failures. | ACCESS CONTROL |
VCWN-06-000048 - The system must alert administrators on permission creation operations. | SYSTEM AND INFORMATION INTEGRITY |
VCWN-06-000049 - The system must alert administrators on permission deletion operations. | SYSTEM AND INFORMATION INTEGRITY |
VCWN-06-000050 - The system must alert administrators on permission update operations. | SYSTEM AND INFORMATION INTEGRITY |
VCWN-06-000051 - The system must protect the confidentiality and integrity of transmitted info by isolating IP-based storage traffic. | CONFIGURATION MANAGEMENT |
VCWN-06-000052 - The system must enable the VSAN Health Check. | CONFIGURATION MANAGEMENT |
VCWN-06-000053 - The connectivity between VSAN Health Check and public Hardware Compatibility List must be disabled or restricted. | CONFIGURATION MANAGEMENT |
VCWN-06-000054 - The system must configure the VSAN Datastore name to a unique name. | CONFIGURATION MANAGEMENT |
VCWN-06-100005 - The vCenter Server users must have the correct roles assigned. | SYSTEM AND COMMUNICATIONS PROTECTION |