| 3.1 Ensure 'deployment method retail' is set | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.5 Configure Solaris Auditing - active audit policies | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - not_terminated | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| ESXI-06-000008 - The SSH daemon must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000030 - The system must produce audit records containing information to establish what type of events occurred. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-000031 - The VMM must enforce password complexity by requiring that at least one upper-case character be used. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000037 - The system must use Active Directory for local user authentication. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000040 - The system must use multifactor authentication for local access to privileged accounts. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-000043 - The system must logout of the console UI after a predetermined period. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000048 - The system must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000049 - The system must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000051 - The system must protect the confidentiality and integrity of transmitted information. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000054 - The system must enable bidirectional CHAP authentication for iSCSI traffic. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000055 - The system must disable Inter-VM transparent page sharing. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-06-000057 - The system must configure the firewall to block network traffic by default - Incoming | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000058 - The system must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000059 - The virtual switch Forged Transmits policy must be set to reject. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000060 - The virtual switch MAC Address Change policy must be set to reject. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000061 - The virtual switch Promiscuous Mode policy must be set to reject. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000062 - The system must prevent unintended use of the dvFilter network APIs. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-000063 - All port groups must be configured to a value other than that of the native VLAN. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000065 - All port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000066 - The non-negotiate option must be configured for trunk links between external physical switches and virtual switches in VST mode. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000067 - All physical switch ports must be configured with spanning tree disabled. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000072 - The system must have all security patches and updates installed. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000073 - The system must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000076 - The system must configure the VSAN Datastore name to a unique name. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-100007 - The VMM must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | ACCESS CONTROL |
| ESXI-06-100030 - The VMM must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-100031 - The VMM must enforce password complexity by requiring that at least one lower-case character be used. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100037 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using Active Directory for local user authentication. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100038 - The VMM must require individuals to be authenticated with an individual authenticator prior to using a group authenticator by using the vSphere Authentication Proxy. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100040 - The VMM must accept Personal Identity Verification (PIV) credentials. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-100046 - The VMM must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-200031 - The VMM must enforce password complexity by requiring that at least one numeric character be used. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200035 - The VMM must provide the capability to immediately disconnect or disable remote access to the information system by disabling SSH. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-200037 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by using Active Directory for local user authentication. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200038 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by using the vSphere Authentication Proxy. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-200039 - The VMM must implement replay-resistant authentication mechanisms for network access to privileged accounts by restricting use of Active Directory ESX Admin group membership. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300004 - The VMM must protect audit information from unauthorized deletion by configuring remote logging. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI-06-300031 - The VMM must require the change of at least 8 of the total number of characters when passwords are changed. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300039 - The VMM must implement replay-resistant authentication mechanisms for network access to non-privileged accounts by restricting use of Active Directory ESX Admin group membership. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXI-06-300040 - The VMM must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-400031 - The VMM must enforce a minimum 15-character password length. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| IIST-SI-000209 - The IIS 10.0 website must produce log records that contain sufficient information to establish the outcome (success or failure) of IIS 10.0 website events. | DISA IIS 10.0 Site v2r14 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000236 - The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 10.0 Site v2r14 | Windows | ACCESS CONTROL |
| IIST-SI-000244 - IIS 10.0 website session IDs must be sent to the client using TLS. | DISA IIS 10.0 Site v2r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media. | DISA IIS 10.0 Server v3r6 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000140 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 web server, patches, loaded modules, and directory paths. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server. | DISA IIS 10.0 Server v3r6 | Windows | CONFIGURATION MANAGEMENT |
