| Administrative actions are logged | AUDIT AND ACCOUNTABILITY |
| All network interfaces are operating in full-duplex mode | CONFIGURATION MANAGEMENT |
| Auto-start is not enabled | CONFIGURATION MANAGEMENT |
| Disable promiscuous mode on all network interfaces | CONFIGURATION MANAGEMENT |
| Disallow unplug detection on the storage network interface | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'lwsmd' | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | CONFIGURATION MANAGEMENT |
| Enable only necessary and secure services, protocols, daemons - 'sshd' | CONFIGURATION MANAGEMENT |
| Enable port locking by default on the VM guest network | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable QoS on all VM guests | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable remote syslog | AUDIT AND ACCOUNTABILITY |
| Ensure IP forwarding is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| External authentication is disabled | IDENTIFICATION AND AUTHENTICATION |
| High availability is enabled | CONTINGENCY PLANNING |
| Host is enabled | CONFIGURATION MANAGEMENT |
| Host version | CONFIGURATION MANAGEMENT |
| Identify a network interface to be used for storage access | CONFIGURATION MANAGEMENT |
| Install a trusted CA certificate on the pool | SYSTEM AND COMMUNICATIONS PROTECTION |
| Install a trusted certificate in place of the default self-signed SSL certificate | SYSTEM AND COMMUNICATIONS PROTECTION |
| List bonded NIC groups | CONFIGURATION MANAGEMENT |
| List crash dumps | CONFIGURATION MANAGEMENT |
| List halted VMs | CONFIGURATION MANAGEMENT |
| List networks | CONFIGURATION MANAGEMENT |
| List non-default VM templates | CONFIGURATION MANAGEMENT |
| List patches | SYSTEM AND INFORMATION INTEGRITY |
| List physical storage locations | CONFIGURATION MANAGEMENT |
| List running VMs | CONFIGURATION MANAGEMENT |
| List security roles | ACCESS CONTROL |
| List users | ACCESS CONTROL |
| List virtual disks | CONFIGURATION MANAGEMENT |
| List VLANs | CONFIGURATION MANAGEMENT |
| List VM CPU allocations | CONFIGURATION MANAGEMENT |
| List VM memory allocations | CONFIGURATION MANAGEMENT |
| NTP client configured | AUDIT AND ACCOUNTABILITY |
| Only allow access to required network services | SYSTEM AND COMMUNICATIONS PROTECTION |
| Passwords stored in 'secrets' are not visible | IDENTIFICATION AND AUTHENTICATION |
| Restrict allowed IPv4 addresses used by each VM guest | SYSTEM AND COMMUNICATIONS PROTECTION |
| Restrict allowed IPv6 addresses used by each VM guest | SYSTEM AND COMMUNICATIONS PROTECTION |
| Review accounts used to mount remote storage | CONFIGURATION MANAGEMENT |
| Snapshots are not present | SYSTEM AND COMMUNICATIONS PROTECTION |
| The hosts.allow file limits access to the local network | SYSTEM AND COMMUNICATIONS PROTECTION |
| The hosts.deny file blocks access by default | SYSTEM AND COMMUNICATIONS PROTECTION |
| TNS_BestPractice_Citrix_Hypervisor.audit | |
| Use a static IP on the management network interface | CONFIGURATION MANAGEMENT |
| Use a static IP on the storage network interface | CONFIGURATION MANAGEMENT |
| XAPI SSL certificate is in default location | CONFIGURATION MANAGEMENT |
