| ESXI-70-000002 - The ESXi host must verify the DCUI.Access list. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000003 - The ESXi host must verify the exception users list for lockdown mode. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000006 - The ESXi host must enforce an unlock timeout of 15 minutes after a user account is locked out. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | ACCESS CONTROL |
| ESXI-70-000016 - The ESXi host Secure Shell (SSH) daemon must not permit user environment settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000020 - The ESXi host Secure Shell (SSH) daemon must perform strict mode checking of home directory configuration files. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000056 - The ESXi host must configure the firewall to restrict access to services running on the host. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000061 - All port groups on standard switches must be configured to reject guest promiscuous mode requests. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000062 - Use of the dvFilter network application programming interfaces (APIs) must be restricted. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000064 - All port groups on standard switches must not be configured to virtual local area network (VLAN) 4095 unless Virtual Guest Tagging (VGT) is required - VGT is required. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000088 - The ESXi host must configure a session timeout for the vSphere API. | DISA STIG VMware vSphere 7.0 ESXi v1r2 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000093 - The ESXi host must not be configured to override virtual machine (VM) logger settings. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000016 - The Photon operating system audit log must have correct permissions. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000017 - The Photon operating system audit log must be owned by root. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000056 - The Photon operating system must configure auditd to keep logging in the event max log file size is reached. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000068 - The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PHTN-30-000078 - The Photon operating system must configure sshd to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000079 - The Photon operating system must configure sshd to disable environment processing. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000082 - The Photon operating system must configure sshd to disallow Kerberos authentication. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000083 - The Photon operating system must configure sshd to disallow authentication with an empty password. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000084 - The Photon operating system must configure sshd to disallow compression of the encrypted session stream. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000086 - The Photon operating system must configure sshd to ignore user-specific trusted hosts lists. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000090 - The Photon operating system must be configured so the '/etc/skel' default scripts are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000095 - The Photon operating system must be configured so the '/etc/cron.allow' file is protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000097 - The Photon operating system must be configured so that all cron paths are protected from unauthorized modification. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000098 - The Photon operating system must not forward IPv4 or IPv6 source-routed packets. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000101 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000103 - The Photon operating system must log IPv4 packets with impossible addresses. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-30-000110 - The Photon operating system must enforce password complexity on the root account. | DISA STIG VMware vSphere 7.0 Photon OS v1r3 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000012 - ESX Agent Manager must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000015 - ESX Agent Manager must be configured with memory leak protection. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCEM-70-000018 - ESX Agent Manager must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000021 - ESX Agent Manager must use the 'setCharacterEncodingFilter' filter - filter-mapping | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCEM-70-000027 - ESX Agent Manager must not enable support for TRACE requests. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000011 - Lookup Service must be configured to limit access to internal packages. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000012 - Lookup Service must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled - MIMEs that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000016 - Lookup Service must not have any symbolic links in the web content directory tree. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCLU-70-000022 - The Lookup Service must not show directory listings. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCLU-70-000027 - Lookup Service must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| VCLU-70-000031 - Lookup Service must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000002 - The vCenter Server must not automatically refresh client sessions. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000018 - The vCenter Server must configure all port groups to a value other than that of the native VLAN. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000033 - The vCenter Server must use a least-privileges assignment for the vCenter Server database user. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000054 - The vCenter Server must disable or restrict the connectivity between vSAN Health Check and public Hardware Compatibility List by use of an external proxy server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000061 - The vCenter Server must disable Password and Windows integrated authentication. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000067 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000073 - The vCenter Server must minimize access to the vCenter server. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCTR-67-000076 - The vCenter Server Administrator role must be secured and assigned to specific users other than a Windows Administrator. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000013 - Console connection sharing must be limited on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-67-000016 - Unauthorized removal, connection and modification of devices must be prevented on the virtual machine. | DISA STIG VMware vSphere 6.7 Virtual Machine v1r3 | VMware | CONFIGURATION MANAGEMENT |
