DISA_VMware_vSphere_8.0_ESXi_STIG_v2r1.audit from DISA VMware vSphere 8.0 ESXi STIG v2r1
ESXI-80-000014 The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | ACCESS CONTROL |
ESXI-80-000052 The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files. | IDENTIFICATION AND AUTHENTICATION |
ESXI-80-000085 The ESXi host must implement Secure Boot enforcement. | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
ESXI-80-000094 The ESXi host must enable Secure Boot. | AUDIT AND ACCOUNTABILITY |
ESXI-80-000133 The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified. | CONFIGURATION MANAGEMENT |
ESXI-80-000187 The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2 validated ciphers. | SYSTEM AND COMMUNICATIONS PROTECTION |
ESXI-80-000192 The ESXi host Secure Shell (SSH) daemon must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system. | ACCESS CONTROL |
ESXI-80-000202 The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication. | CONFIGURATION MANAGEMENT |
ESXI-80-000204 The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | CONFIGURATION MANAGEMENT |
ESXI-80-000207 The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports. | CONFIGURATION MANAGEMENT |
ESXI-80-000209 The ESXi host Secure Shell (SSH) daemon must not permit tunnels. | CONFIGURATION MANAGEMENT |
ESXI-80-000210 The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions. | CONFIGURATION MANAGEMENT |
ESXI-80-000211 The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions. | CONFIGURATION MANAGEMENT |
ESXI-80-000212 The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c. | CONFIGURATION MANAGEMENT |
ESXI-80-000229 The ESXi host must use DOD-approved certificates. | CONFIGURATION MANAGEMENT |
ESXI-80-000230 The ESXi host Secure Shell (SSH) daemon must disable port forwarding. | CONFIGURATION MANAGEMENT |
ESXI-80-000236 The ESXi host must not be configured to override virtual machine (VM) configurations. | CONFIGURATION MANAGEMENT |
ESXI-80-000237 The ESXi host must not be configured to override virtual machine (VM) logger settings. | CONFIGURATION MANAGEMENT |
ESXI-80-000238 The ESXi host must require TPM-based configuration encryption. | CONFIGURATION MANAGEMENT |
ESXI-80-000245 The ESXi host must use sufficient entropy for cryptographic operations. | CONFIGURATION MANAGEMENT |
ESXI-80-000247 The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
ESXI-80-000248 The ESXi host must disable key persistence. | CONFIGURATION MANAGEMENT |
ESXI-80-000249 The ESXi host must deny shell access for the dcui account. | CONFIGURATION MANAGEMENT |