DISA VMware vSphere 8.0 ESXi STIG v2r2

Audit Details

Name: DISA VMware vSphere 8.0 ESXi STIG v2r2

Updated: 3/31/2025

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 24

File Details

Filename: DISA_VMware_vSphere_8.0_ESXi_STIG_Bare_Metal_Host_v2r2.audit

Size: 59.7 kB

MD5: 085b840a4635ad14e0f2424286f601a5
SHA256: 06aac020ba01c745b3418f4d4abad66b14abbba8f984d7c7d0f5df26f1786372

Audit Items

Description / Categories
DISA_VMware_vSphere_8.0_ESXi_STIG_v2r2.audit from DISA VMware vSphere 8.0 ESXi STIG v2r2
ESXI-80-000014 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.

ACCESS CONTROL

ESXI-80-000052 - The ESXi host Secure Shell (SSH) daemon must ignore .rhosts files.

IDENTIFICATION AND AUTHENTICATION

ESXI-80-000085 - The ESXi host must implement Secure Boot enforcement.

AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

ESXI-80-000094 - The ESXi host must enable Secure Boot.

AUDIT AND ACCOUNTABILITY

ESXI-80-000133 - The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.

CONFIGURATION MANAGEMENT

ESXI-80-000187 - The ESXi host Secure Shell (SSH) daemon must be configured to only use FIPS 140-2 validated ciphers.

SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-80-000192 - The ESXi host Secure Shell (SSH) daemon must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.

ACCESS CONTROL

ESXI-80-000202 - The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication.

CONFIGURATION MANAGEMENT

ESXI-80-000204 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings.

CONFIGURATION MANAGEMENT

ESXI-80-000207 - The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.

CONFIGURATION MANAGEMENT

ESXI-80-000209 - The ESXi host Secure Shell (SSH) daemon must not permit tunnels.

CONFIGURATION MANAGEMENT

ESXI-80-000210 - The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions.

CONFIGURATION MANAGEMENT

ESXI-80-000211 - The ESXi host Secure Shell (SSH) daemon must set a timeout interval on idle sessions.

CONFIGURATION MANAGEMENT

ESXI-80-000212 - The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.

CONFIGURATION MANAGEMENT

ESXI-80-000229 - The ESXi host must use DOD-approved certificates.

CONFIGURATION MANAGEMENT

ESXI-80-000230 - The ESXi host Secure Shell (SSH) daemon must disable port forwarding.

CONFIGURATION MANAGEMENT

ESXI-80-000236 - The ESXi host must not be configured to override virtual machine (VM) configurations.

CONFIGURATION MANAGEMENT

ESXI-80-000237 - The ESXi host must not be configured to override virtual machine (VM) logger settings.

CONFIGURATION MANAGEMENT

ESXI-80-000238 - The ESXi host must require TPM-based configuration encryption.

CONFIGURATION MANAGEMENT

ESXI-80-000245 - The ESXi host must use sufficient entropy for cryptographic operations.

CONFIGURATION MANAGEMENT

ESXI-80-000247 - The ESXi host must use DOD-approved encryption to protect the confidentiality of network sessions.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

ESXI-80-000248 - The ESXi host must disable key persistence.

CONFIGURATION MANAGEMENT

ESXI-80-000249 - The ESXi host must deny shell access for the dcui account.

CONFIGURATION MANAGEMENT