| 1.1.2 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1 | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.10 Ensure 'Password Profiles' do not exist | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.4 (L1) Host hardware must enable and configure a TPM 2.0 | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Ensure redundant NTP servers are configured appropriately | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 2.1 (L1) Host must run software that has not reached End of General Support status | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SYSTEM AND SERVICES ACQUISITION |
| 2.2 Ensure that WMI probing is disabled | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.7 (L1) Host must have time synchronization services enabled and running | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 2.9 (L1) Host must not suppress warnings about unmitigated hyperthreading vulnerabilities | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 2.10 (L1) Host must restrict inter-VM transparent page sharing | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 (L1) Host must use sufficient entropy for cryptographic operations | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.2 (L1) Host must deactivate the ESXi shell | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT |
| 3.3 Configure remote logging for ESXi hosts | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.5 (L1) Host must deactivate CIM | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | CONFIGURATION MANAGEMENT |
| 3.9 (L1) Host must automatically deactivate shell services | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL |
| 3.11 (L1) Host must enforce password complexity | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.1 (L1) Host must configure a persistent log location for all locally stored system logs | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Establish a password policy for password complexity | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Disable DCUI to prevent local administrative control | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 5.3 Disable SSH | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 5.3 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Enable OCSP and CRL certificate checking - OCSPStyle | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Ensure 'WildFire Update Schedule' is set to download and install updates in real-time | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 Set a timeout for Shell Services | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 6.3 Mask and zone SAN resources appropriately | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure that access to every URL is logged | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 7.2 Ensure that the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure that the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure that port groups are not configured to the value of the native VLAN | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.1.1 Limit informational messages from the VM to the VMX file | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.3.4 Use templates to deploy VMs whenever possible | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.3 Control VMsafe Agent Port | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.4 Control VMsafe Agent Configuration | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.5 Disable Autologon | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | ACCESS CONTROL |
| 8.4.6 Disable BIOS BBS | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.22 Disable Guest Host Interaction Launch Menu | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.23 Disable memSchedFakeSampleStats | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.25 Disable VM Console Drag and Drop operations | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.29 Disable all but VGA mode on virtual machines. | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.6.1 Avoid using nonpersistent disks | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.7.4 Limit VM log file size | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
