DISA_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1
PHTN-40-000003 The Photon operating system must audit all account creations. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
PHTN-40-000004 The Photon operating system must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | ACCESS CONTROL |
PHTN-40-000005 The Photon operating system must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system. | ACCESS CONTROL |
PHTN-40-000007 The Photon operating system must limit the number of concurrent sessions to ten for all accounts and/or account types. | ACCESS CONTROL |
PHTN-40-000012 The Photon operating system must monitor remote access logins. | ACCESS CONTROL |
PHTN-40-000013 The Photon operating system must have the OpenSSL FIPS provider installed to protect the confidentiality of remote access sessions. | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-40-000014 The Photon operating system must configure auditd to log to disk. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000016 The Photon operating system must enable the auditd service. | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
PHTN-40-000019 The Photon operating system must be configured to audit the execution of privileged functions. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
PHTN-40-000021 The Photon operating system must alert the ISSO and SA in the event of an audit processing failure. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000026 The Photon operating system must protect audit logs from unauthorized access. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000030 The Photon operating system must allow only authorized users to configure the auditd service. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000031 The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000035 The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000036 The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000037 The Photon operating system must enforce password complexity by requiring that at least one numeric character be used. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000038 The Photon operating system must require the change of at least eight characters when passwords are changed. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000039 The operating system must store only encrypted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000040 The Photon operating system must not have the telnet package installed. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000041 The Photon operating system must enforce one day as the minimum password lifetime. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000042 The Photon operating system must enforce a 90-day maximum password lifetime restriction. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000043 The Photon operating system must prohibit password reuse for a minimum of five generations. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000044 The Photon operating system must enforce a minimum 15-character password length. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000046 The Photon operating system must require authentication upon booting into single-user and maintenance modes. | ACCESS CONTROL |
PHTN-40-000047 The Photon operating system must disable unnecessary kernel modules. | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000049 The Photon operating system must not have duplicate User IDs (UIDs). | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000059 The Photon operating system must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer. | SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies. | SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-40-000069 The Photon operating system must terminate idle Secure Shell (SSH) sessions after 15 minutes. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-40-000073 The Photon operating system /var/log directory must be restricted. | SYSTEM AND INFORMATION INTEGRITY |
PHTN-40-000074 The Photon operating system must reveal error messages only to authorized users. | SYSTEM AND INFORMATION INTEGRITY |
PHTN-40-000076 The Photon operating system must audit all account modifications. | ACCESS CONTROL |
PHTN-40-000078 The Photon operating system must audit all account removal actions. | ACCESS CONTROL |
PHTN-40-000079 The Photon operating system must implement only approved ciphers to protect the integrity of remote access sessions. | ACCESS CONTROL |
PHTN-40-000080 The Photon operating system must initiate session audits at system startup. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000082 The Photon operating system must protect audit tools from unauthorized access. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000086 The Photon operating system must enforce password complexity by requiring that at least one special character be used. | IDENTIFICATION AND AUTHENTICATION |
PHTN-40-000092 The Photon operating system must use cryptographic mechanisms to protect the integrity of audit tools. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000093 The operating system must automatically terminate a user session after inactivity time-outs have expired. | ACCESS CONTROL |
PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel. | ACCESS CONTROL |
PHTN-40-000107 The Photon operating system must audit the execution of privileged functions. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
PHTN-40-000108 The Photon operating system must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes occur. | ACCESS CONTROL |
PHTN-40-000110 The Photon operating system must allocate audit record storage capacity to store audit records when audit records are not immediately sent to a central audit record storage facility. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000112 The Photon operating system must immediately notify the SA and ISSO when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
PHTN-40-000130 The Photon operating system TDNF package management tool must cryptographically verify the authenticity of all software packages during installation. | CONFIGURATION MANAGEMENT |
PHTN-40-000133 The Photon operating system must require users to reauthenticate for privilege escalation. | SYSTEM AND COMMUNICATIONS PROTECTION |
PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | SYSTEM AND INFORMATION INTEGRITY |
PHTN-40-000161 The Photon operating system must remove all software components after updated versions have been installed. | SYSTEM AND INFORMATION INTEGRITY |