| ESXI-80-000005 The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | ACCESS CONTROL |
| ESXI-80-000006 The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI). | ACCESS CONTROL |
| ESXI-80-000008 The ESXi host must enable lockdown mode. | ACCESS CONTROL |
| ESXI-80-000010 The ESXi host client must be configured with an idle session timeout. | ACCESS CONTROL |
| ESXI-80-000015 The ESXi must produce audit records containing information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000035 The ESXi host must enforce password complexity by configuring a password quality policy. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000043 The ESXi host must prohibit password reuse for a minimum of five generations. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000047 The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB). | CONFIGURATION MANAGEMENT |
| ESXI-80-000049 The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000068 The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000111 The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out. | ACCESS CONTROL |
| ESXI-80-000113 The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000114 The ESXi host must offload logs via syslog. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ESXI-80-000124 The ESXi host must synchronize internal information system clocks to an authoritative time source. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000145 The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000160 The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000161 The ESXi host must maintain the confidentiality and integrity of information during transmission by exclusively enabling Transport Layer Security (TLS) 1.2. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000189 The ESXi host DCUI.Access list must be verified. | CONFIGURATION MANAGEMENT |
| ESXI-80-000191 The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH). | ACCESS CONTROL |
| ESXI-80-000193 The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ESXI-80-000194 The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell. | CONFIGURATION MANAGEMENT |
| ESXI-80-000195 The ESXi host must automatically stop shell services after 10 minutes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000196 The ESXi host must set a timeout to automatically end idle DCUI sessions after 10 minutes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000198 The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000199 The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000201 The ESXi host lockdown mode exception users list must be verified. | CONFIGURATION MANAGEMENT |
| ESXI-80-000213 The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing. | CONFIGURATION MANAGEMENT |
| ESXI-80-000214 The ESXi host must configure the firewall to block network traffic by default. | CONFIGURATION MANAGEMENT |
| ESXI-80-000215 The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000216 The ESXi host must configure virtual switch security policies to reject forged transmits. | CONFIGURATION MANAGEMENT |
| ESXI-80-000217 The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes. | CONFIGURATION MANAGEMENT |
| ESXI-80-000218 The ESXi host must configure virtual switch security policies to reject promiscuous mode requests. | CONFIGURATION MANAGEMENT |
| ESXI-80-000219 The ESXi host must restrict use of the dvFilter network application programming interface (API). | CONFIGURATION MANAGEMENT |
| ESXI-80-000220 The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches. | CONFIGURATION MANAGEMENT |
| ESXI-80-000221 The ESXi host must have all security patches and updates installed. | CONFIGURATION MANAGEMENT |
| ESXI-80-000222 The ESXi host must not suppress warnings that the local or remote shell sessions are enabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000223 The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities. | CONFIGURATION MANAGEMENT |
| ESXI-80-000224 The ESXi host must verify certificates for SSL syslog endpoints. | CONFIGURATION MANAGEMENT |
| ESXI-80-000225 The ESXi host must enable volatile key destruction. | CONFIGURATION MANAGEMENT |
| ESXI-80-000226 The ESXi host must configure a session timeout for the vSphere API. | CONFIGURATION MANAGEMENT |
| ESXI-80-000227 The ESXi host must be configured with an appropriate maximum password age. | CONFIGURATION MANAGEMENT |
| ESXI-80-000228 The ESXi Common Information Model (CIM) service must be disabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000231 The ESXi host OpenSLP service must be disabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000232 The ESXi host must enable audit logging. | CONFIGURATION MANAGEMENT |
| ESXI-80-000233 The ESXi host must off-load audit records via syslog. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000234 The ESXi host must enable strict x509 verification for SSL syslog endpoints. | CONFIGURATION MANAGEMENT |
| ESXI-80-000235 The ESXi host must forward audit records containing information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000239 The ESXi host must configure the firewall to restrict access to services running on the host. | CONFIGURATION MANAGEMENT |
| ESXI-80-000240 The ESXi host when using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | CONFIGURATION MANAGEMENT |
| ESXI-80-000241 The ESXi host must not use the default Active Directory ESX Admin group. | CONFIGURATION MANAGEMENT |
