I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-VMM-002000
Group -
The ESXi host must not be configured to override virtual machine (VM) logger settings.
Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM stor...Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group -
The ESXi host must require TPM-based configuration encryption.
An ESXi host's configuration consists of configuration files for each service that runs on the host. The configuration files typically reside in the /etc/ directory, but they can also reside in oth...Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group -
The ESXi host must implement Secure Boot enforcement.
Secure Boot is part of the UEFI firmware standard. With UEFI Secure Boot enabled, a host refuses to load any UEFI driver or app unless the operating system bootloader has a valid digital signature....Rule Medium Severity -
SRG-OS-000480-VMM-002000
Group -
The ESXi Common Information Model (CIM) service must be disabled.
The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs). These APIs are consumed by exte...Rule Medium Severity -
SRG-OS-000478-VMM-001980
Group -
The ESXi host SSH daemon must be configured to only use FIPS 140-2 validated ciphers.
Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. ESXi must implement cryptographic modules adhering to the higher standards approved by the...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.