| ESXI-80-000008 - The ESXi host must enable lockdown mode. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | ACCESS CONTROL |
| ESXI-80-000047 - The ESXi host must be configured to disable nonessential capabilities by disabling the Managed Object Browser (MOB). | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000160 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-80-000215 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000219 - The ESXi host must restrict use of the dvFilter network application programming interface (API). | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000225 - The ESXi host must enable volatile key destruction. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000227 - The ESXi host must be configured with an appropriate maximum password age. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| ESXI-80-000244 - The ESXi host must enforce the exclusive running of executables from approved VIBs. | DISA VMware vSphere 8.0 ESXi STIG v2r3 VMware | VMware | CONFIGURATION MANAGEMENT |
| VCPF-70-000013 - Performance Charts must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-70-000022 - Performance Charts must set the welcome-file node to a default web page. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000025 - Performance Charts must be configured to not show error reports. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCPF-70-000029 - Performance Charts must properly configure log sizes and rotation. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000023 - The vCenter Server must enforce the limit of three consecutive invalid login attempts by a user. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | ACCESS CONTROL |
| VCSA-70-000268 - The vCenter Server must set the distributed port group Forged Transmits policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000269 - The vCenter Server must set the distributed port group Media Access Control (MAC) Address Change policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000270 - The vCenter Server must set the distributed port group Promiscuous Mode policy to 'Reject'. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000275 - The vCenter Server must configure the 'vpxuser' auto-password to be changed every 30 days. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000278 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000282 - The vCenter Server must configure the vSAN Datastore name to a unique name. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000284 - The vCenter Server must restrict access to the default roles with cryptographic permissions. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000286 - The vCenter Server must have Mutual Challenge Handshake Authentication Protocol (CHAP) configured for vSAN Internet Small Computer System Interface (iSCSI) targets. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000288 - The vCenter Server must use secure Lightweight Directory Access Protocol (LDAPS) when adding an LDAP identity source. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000290 - The vCenter Server must limit membership to the 'SystemConfiguration.BashShellAdministrators' Single Sign-On (SSO) group. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000034 - The vCenter Server must produce audit records containing information to establish what type of events occurred. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000248 - The vCenter Server must disable the Customer Experience Improvement Program (CEIP). | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000268 - The vCenter Server must set the distributed port group Forged Transmits policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000270 - The vCenter Server must set the distributed port group Promiscuous Mode policy to "Reject". | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000271 - The vCenter Server must only send NetFlow traffic to authorized collectors. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000274 - The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000283 - The vCenter Server must disable Username/Password and Windows Integrated Authentication. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000284 - The vCenter Server must restrict access to the default roles with cryptographic permissions. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000291 - The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000292 - The vCenter server configuration must be backed up on a regular basis. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000298 - The vCenter Server must separate authentication and authorization for administrators. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000300 - The vCenter Server must remove unauthorized port mirroring sessions on distributed switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000302 - The vCenter Server must reset port configuration when virtual machines are disconnected. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCST-70-000002 - The Security Token Service must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | ACCESS CONTROL |
| VCST-70-000011 - The Security Token Service must be configured to limit access to internal packages. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000013 - The Security Token Service must have mappings set for Java servlet pages. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter-mapping | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCST-70-000026 - The Security Token Service must have the debug option disabled. | DISA STIG VMware vSphere 7.0 STS Tomcat v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000002 - vSphere UI must limit the number of concurrent connections permitted. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | ACCESS CONTROL |
| VCUI-70-000014 - vSphere UI must not have the Web Distributed Authoring (WebDAV) servlet installed. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-70-000022 - vSphere UI must set the welcome-file node to a default web page. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000024 - vSphere UI must be configured to hide the server version. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-70-000032 - vSphere UI must set the secure flag for cookies. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VMCH-70-000013 - Console connection sharing must be limited on the virtual machine (VM). | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-70-000022 - The virtual machine (VM) guest operating system must be locked when the last console connection is closed. | DISA STIG VMware vSphere 7.0 Virtual Machine v1r4 | VMware | CONFIGURATION MANAGEMENT |
