- ESXI-06-000009 - The SSH daemon must be configured with the Department of Defense (DoD) login banner.
- ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions.
- ESXI-06-000011 - The SSH daemon must be configured to use only the SSHv2 protocol.
- ESXI-06-000012 - The SSH daemon must ignore .rhosts files.
- ESXI-06-000013 - The SSH daemon must not allow host-based authentication.
- ESXI-06-000014 - The SSH daemon must not permit root logins.
- ESXI-06-000015 - The SSH daemon must not allow authentication using an empty password.
- ESXI-06-000016 - The SSH daemon must not permit user environment settings.
- ESXI-06-000017 - The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
- ESXI-06-000018 - The SSH daemon must not permit GSSAPI authentication.
- ESXI-06-000019 - The SSH daemon must not permit Kerberos authentication.
- ESXI-06-000020 - The SSH daemon must perform strict mode checking of home directory configuration files.
- ESXI-06-000021 - The SSH daemon must not allow compression or must only allow compression after successful authentication.
- ESXI-06-000022 - The SSH daemon must be configured to not allow gateway ports.
- ESXI-06-000023 - The SSH daemon must be configured to not allow X11 forwarding.
- ESXI-06-000024 - The SSH daemon must not accept environment variables from the client.
- ESXI-06-000025 - The SSH daemon must not permit tunnels.
- ESXI-06-000026 - The SSH daemon must set a timeout count on idle sessions.
- ESXI-06-000027 - The SSH daemon must set a timeout interval on idle sessions.
- ESXI-06-000028 - The SSH daemon must limit connections to a single session.
- ESXI-06-000029 - The system must remove keys from the SSH authorized_keys file.
- ESXI-06-000032 - The system must prohibit the reuse of passwords within five iterations.
- ESXI-06-000033 - The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
- ESXI-06-000044 - The system must enable kernel core dumps.
- ESXI-06-000047 - The Image Profile and VIB Acceptance Levels must be verified.
- ESXI-06-000056 - The system must configure the firewall to restrict access to services running on the host.
- ESXI-06-100010 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
- ESXI-06-100047 - The VMM must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and guest VMs by verifying Image Profile and VIP Acceptance Levels.
- ESXI-06-200047 - The VMM must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all VMM components by verifying Image Profile and VIP Acceptance Levels.
