| ESXI-80-000005 - The ESXi host must enforce the limit of three consecutive invalid logon attempts by a user. | ACCESS CONTROL |
| ESXI-80-000006 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via the Direct Console User Interface (DCUI). | ACCESS CONTROL |
| ESXI-80-000008 - The ESXi host must enable lockdown mode. | ACCESS CONTROL |
| ESXI-80-000010 - The ESXi host client must be configured with an idle session timeout. | ACCESS CONTROL |
| ESXI-80-000015 - The ESXi must produce audit records containing information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000035 - The ESXi host must enforce password complexity by configuring a password quality policy. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000043 - The ESXi host must prohibit password reuse for a minimum of five generations. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000047 - The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB). | CONFIGURATION MANAGEMENT |
| ESXI-80-000049 - The ESXi host must uniquely identify and must authenticate organizational users by using Active Directory. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000068 - The ESXi host must set a timeout to automatically end idle shell sessions after fifteen minutes. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000111 - The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out. | ACCESS CONTROL |
| ESXI-80-000113 - The ESXi host must allocate audit record storage capacity to store at least one week's worth of audit records. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000114 - The ESXi host must offload logs via syslog. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ESXI-80-000124 - The ESXi host must synchronize internal information system clocks to an authoritative time source. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000145 - The ESXi host must enable bidirectional Challenge-Handshake Authentication Protocol (CHAP) authentication for Internet Small Computer Systems Interface (iSCSI) traffic. | IDENTIFICATION AND AUTHENTICATION |
| ESXI-80-000160 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000189 - The ESXi host DCUI.Access list must be verified. | CONFIGURATION MANAGEMENT |
| ESXI-80-000191 - The ESXi host must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system via Secure Shell (SSH). | ACCESS CONTROL |
| ESXI-80-000193 - The ESXi host must be configured to disable nonessential capabilities by disabling Secure Shell (SSH). | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ESXI-80-000194 - The ESXi host must be configured to disable nonessential capabilities by disabling the ESXi shell. | CONFIGURATION MANAGEMENT |
| ESXI-80-000195 - The ESXi host must automatically stop shell services after 10 minutes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000196 - The ESXi host must set a timeout to automatically end idle DCUI sessions after 10 minutes. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000198 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000199 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000201 - The ESXi host lockdown mode exception users list must be verified. | CONFIGURATION MANAGEMENT |
| ESXI-80-000213 - The ESXi host must disable Inter-Virtual Machine (VM) Transparent Page Sharing. | CONFIGURATION MANAGEMENT |
| ESXI-80-000214 - The ESXi host must configure the firewall to block network traffic by default. | CONFIGURATION MANAGEMENT |
| ESXI-80-000215 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000216 - The ESXi host must configure virtual switch security policies to reject forged transmits. | CONFIGURATION MANAGEMENT |
| ESXI-80-000217 - The ESXi host must configure virtual switch security policies to reject Media Access Control (MAC) address changes. | CONFIGURATION MANAGEMENT |
| ESXI-80-000218 - The ESXi host must configure virtual switch security policies to reject promiscuous mode requests. | CONFIGURATION MANAGEMENT |
| ESXI-80-000219 - The ESXi host must restrict use of the dvFilter network application programming interface (API). | CONFIGURATION MANAGEMENT |
| ESXI-80-000220 - The ESXi host must restrict the use of Virtual Guest Tagging (VGT) on standard switches. | CONFIGURATION MANAGEMENT |
| ESXI-80-000221 - The ESXi host must have all security patches and updates installed. | CONFIGURATION MANAGEMENT |
| ESXI-80-000222 - The ESXi host must not suppress warnings that the local or remote shell sessions are enabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000223 - The ESXi host must not suppress warnings about unmitigated hyperthreading vulnerabilities. | CONFIGURATION MANAGEMENT |
| ESXI-80-000224 - The ESXi host must verify certificates for SSL syslog endpoints. | CONFIGURATION MANAGEMENT |
| ESXI-80-000225 - The ESXi host must enable volatile key destruction. | CONFIGURATION MANAGEMENT |
| ESXI-80-000226 - The ESXi host must configure a session timeout for the vSphere API. | CONFIGURATION MANAGEMENT |
| ESXI-80-000227 - The ESXi host must be configured with an appropriate maximum password age. | CONFIGURATION MANAGEMENT |
| ESXI-80-000228 - The ESXi Common Information Model (CIM) service must be disabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000231 - The ESXi host OpenSLP service must be disabled. | CONFIGURATION MANAGEMENT |
| ESXI-80-000232 - The ESXi host must enable audit logging. | CONFIGURATION MANAGEMENT |
| ESXI-80-000233 - The ESXi host must off-load audit records via syslog. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000234 - The ESXi host must enable strict x509 verification for SSL syslog endpoints. | CONFIGURATION MANAGEMENT |
| ESXI-80-000235 - The ESXi host must forward audit records containing information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| ESXI-80-000239 - The ESXi host must configure the firewall to restrict access to services running on the host. | CONFIGURATION MANAGEMENT |
| ESXI-80-000240 - The ESXi host when using Host Profiles and/or Auto Deploy must use the vSphere Authentication Proxy to protect passwords when adding themselves to Active Directory. | CONFIGURATION MANAGEMENT |
| ESXI-80-000241 - The ESXi host must not use the default Active Directory ESX Admin group. | CONFIGURATION MANAGEMENT |
| ESXI-80-000243 - The ESXi host must configure a persistent log location for all locally stored logs. | AUDIT AND ACCOUNTABILITY |
