- VCWN-06-000001 - The system must prohibit password reuse for a minimum of five generations.
- VCWN-06-000002 - The system must not automatically refresh client sessions.
- VCWN-06-000003 - The system must enforce a 60-day maximum password lifetime restriction.
- VCWN-06-000004 - The system must terminate management sessions after 10 minutes of inactivity.
- VCWN-06-000005 - The vCenter Server users must have the correct roles assigned.
- VCWN-06-000007 - The system must limit the effects of information-flooding types of Denial of Service (DoS) attacks.
- VCWN-06-000008 - The system must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.
- VCWN-06-000009 - The system must use Active Directory authentication.
- VCWN-06-000010 - The system must limit the use of the built-in SSO administrative account.
- VCWN-06-000012 - The system must disable the distributed virtual switch health check.
- VCWN-06-000013 - The distributed port group Forged Transmits policy must be set to reject.
- VCWN-06-000014 - The system must ensure the distributed port group MAC Address Change policy is set to reject.
- VCWN-06-000015 - The system must ensure the distributed port group Promiscuous Mode policy is set to reject.
- VCWN-06-000016 - The system must only send NetFlow traffic to authorized collectors.
- VCWN-06-000017 - The system must not override port group settings at the port level on distributed switches.
- VCWN-06-000018 - All port groups must be configured to a value other than that of the native VLAN.
- VCWN-06-000019 - All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required.
- VCWN-06-000020 - All port groups must not be configured to VLAN values reserved by upstream physical switches.
- VCWN-06-000021 - The system must enable SSL for Network File Copy (NFC).
- VCWN-06-000022 - The vCenter Server services must be run using a service account instead of a built-in Windows account.
- VCWN-06-000023 - The system must ensure the vpxuser auto-password change meets policy.
- VCWN-06-000024 - The system must ensure the vpxuser password meets length policy.
- VCWN-06-000025 - The system must disable the managed object browser at all times, when not required for troubleshooting or maintenance.
- VCWN-06-000026 - Privilege re-assignment must be checked after the vCenter Server restarts.
- VCWN-06-000027 - The system must minimize access to the vCenter Server.
- VCWN-06-000028 - Log files must be cleaned up after failed installations of the vCenter Server.
- VCWN-06-000029 - The system must enable all tasks to be shown to Administrators in the Web Client.
- VCWN-06-000030 - The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.
- VCWN-06-000031 - Connectivity between Update Manager and public patch repos must be restricted by use of a separate Update Manager Download Server.
- VCWN-06-000032 - A least-privileges assignment must be used for the Update Manager database user.