| V-258706 | | Virtual machines (VMs) must have virtual disk shrinking disabled. | Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk o... |
| V-258707 | | Virtual machines (VMs) must have virtual disk wiping disabled. | Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of spa... |
| V-258708 | | Virtual machines (VMs) must limit console sharing. | By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a... |
| V-258710 | | Virtual machines (VMs) must prevent unauthorized removal, connection, and modification of devices. | In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-... |
| V-258711 | | Virtual machines (VMs) must not be able to obtain host information from the hypervisor. | If enabled, a VM can obtain detailed information about the physical host. The default value for the parameter is FALSE. This setting should not be TRU... |
| V-258714 | | Virtual machines (VMs) must be configured to lock when the last console connection is closed. | When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session h... |
| V-258716 | | Virtual machines (VMs) must enable encryption for vMotion. | vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphe... |
| V-258717 | | Virtual machines (VMs) must enable encryption for Fault Tolerance. | Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine's memory or CPU instructions.
vSphere Faul... |
| V-258718 | | Virtual machines (VMs) must configure log size. | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system... |
| V-258719 | | Virtual machines (VMs) must configure log retention. | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system... |
| V-258720 | | Virtual machines (VMs) must enable logging. | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including, but not limited to, power events, syst... |
| V-258721 | | Virtual machines (VMs) must not use independent, nonpersistent disks. | The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces they w... |
| V-258722 | | Virtual machines (VMs) must remove unneeded floppy devices. | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-258724 | | Virtual machines (VMs) must remove unneeded parallel devices. | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-258725 | | Virtual machines (VMs) must remove unneeded serial devices. | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-258726 | | Virtual machines (VMs) must remove unneeded USB devices. | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-258727 | | Virtual machines (VMs) must disable DirectPath I/O devices when not required. | VMDirectPath I/O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with mini... |
| V-258703 | | Virtual machines (VMs) must have copy operations disabled. | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-258704 | | Virtual machines (VMs) must have drag and drop operations disabled. | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-258705 | | Virtual machines (VMs) must have paste operations disabled. | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-258709 | | Virtual machines (VMs) must limit informational messages from the virtual machine to the VMX file. | The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are c... |
| V-258712 | | Virtual machines (VMs) must have shared salt values disabled. | When salting is enabled (Mem.ShareForceSalting=1 or 2) to share a page between two virtual machines, both salt and the content of the page must be sam... |
| V-258713 | | Virtual machines (VMs) must disable access through the "dvfilter" network Application Programming Interface (API). | An attacker might compromise a VM by using the "dvFilter" API. Configure only VMs that need this access to use the API.... |
| V-258715 | | Virtual machines (VMs) must disable 3D features when not required. | For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most serve... |
| V-258723 | | Virtual machines (VMs) must remove unneeded CD/DVD devices. | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
