| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000003 - The ESXi host must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000006 - The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | ACCESS CONTROL |
| ESXI-70-000016 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000020 - The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000056 - The ESXi host must configure the firewall to restrict access to services running on the host. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000061 - All port groups on standard switches must be configured to reject guest promiscuous mode requests. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000062 - Use of the dvFilter network application programming interfaces (APIs) must be restricted. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required - VGT is required. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000093 - The ESXi host must not be configured to override virtual machine (VM) logger settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000016 - The Photon operating system audit log must have correct permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000017 - The Photon operating system audit log must be owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000056 - The Photon operating system must configure auditd to keep logging in the event max log file size is reached. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCEM-70-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000015 - ESX Agent Manager must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mapping | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000027 - ESX Agent Manager must not enable support for TRACE requests. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCFL-67-000002 - vSphere Client must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL |
| VCFL-67-000015 - vSphere Client must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCFL-67-000017 - vSphere Client must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCFL-67-000030 - vSphere Client must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000005 - VAMI must generate log records for system startup and shutdown. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_accesslog | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000016 - VAMI must only load allowed server modules - mod_magnet | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCLD-67-000028 - VAMI must set the encoding for all text mime types to UTF-8. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000011 - Lookup Service must be configured to limit access to internal packages. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000012 - Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled - MIMEs that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000016 - Lookup Service must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000022 - The Lookup Service must not show directory listings. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000027 - Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000031 - Lookup Service must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCST-67-000023 - The Security Token Service must not show directory listings. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000018 - The vCenter Server must configure all port groups to a value other than that of the native VLAN. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000067 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000073 - The vCenter Server must minimize access to the vCenter server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000076 - The vCenter Server Administrator role must be secured and assigned to specific users other than a Windows Administrator. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCUI-67-000001 - vSphere UI must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | ACCESS CONTROL |
| VCUI-67-000012 - vSphere UI must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000014 - vSphere UI must be configured with memory leak protection. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-67-000030 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VMCH-67-000013 - Console connection sharing must be limited on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000016 - Unauthorized removal, connection and modification of devices must be prevented on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
