After enabling the vSphere Security Configuration Guide under VMware SDDC Benchmarks from the Operations > Compliance section in Aria Operations, you continue to see the triggered alert "ESXi Host is violating VMware vSphere Security Configuration Guide for vCenter version 8 and above", even after attempting to configure the firewall rules on the hosts per the ESXi.firewall-restrict-access control: "The Configuration of the ESXi host firewall to restrict access to services running on the host is not as per the recommended value".
On the ESXi host under Configure > Firewall, you see a service called spherelet, but when you attempt to configure its Allowed IP addresses list, you see the error "Apply security profile failed! Cannot change the host configuration. Invalid operation requested: Can not change allowed ip list of this ruleset, it is owned by system service."
Aria Operations 8.18.x
Starting with VMware vCenter Server 8.0 Update 2, you cannot modify the Allowed IP addresses list for system-created services such as spherelet, so the alert noted above is triggered.
The vSphere Security Configuration Guide benchmark will be updated in a future version of VCF Operations 9.x to take system-created services in the ESXi firewall into account.
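Until the benchmark is updated, the finding has to be triaged by hand: rulesets that still allow all source addresses and that an administrator can actually restrict need fixing, while system-owned rulesets such as spherelet are expected noise. The following script is an added example, not part of this article and not VMware or Broadcom code. It parses the table printed by `esxcli network firewall ruleset allowedip list` (the sample output below is constructed, not captured from a real host, and the exact column layout is an assumption) and separates the unrestricted rulesets into those you can fix and those the system service owns.

```python
"""Triage helper for the ESXi.firewall-restrict-access finding.

Added example (not from the article or from VMware/Broadcom). Parses the
two-column table that `esxcli network firewall ruleset allowedip list`
prints and reports which unrestricted rulesets an administrator can still
restrict versus those owned by a system service (spherelet, per the article),
whose allowed-IP list cannot be changed on vCenter 8.0 Update 2 and later.
"""
import re

# Constructed sample of the esxcli table (layout is an assumption); "All"
# means the ruleset accepts connections from any source address.
SAMPLE_ALLOWEDIP_OUTPUT = """\
Ruleset        Allowed IP Addresses
-------------  --------------------
sshServer      10.0.0.0/24
vSphereClient  All
spherelet      All
ntpClient      192.168.1.10, 192.168.1.11
"""

# Rulesets whose allowed-IP list is owned by a system service. Only spherelet
# is named in the article; add others a host reports with the same error.
SYSTEM_OWNED_RULESETS = {"spherelet"}


def parse_allowedip_table(text: str) -> dict[str, list[str]]:
    """Return {ruleset: [allowed addresses]}; ["All"] marks an unrestricted ruleset."""
    result: dict[str, list[str]] = {}
    for line in text.splitlines():
        # Skip blank lines, the header row and the dashed separator row.
        if not line.strip() or line.startswith("Ruleset") or line.startswith("-"):
            continue
        name, _, addrs = line.partition(" ")
        result[name] = re.split(r",\s*", addrs.strip())
    return result


def classify(allowed: dict[str, list[str]]) -> dict[str, list[str]]:
    """Split rulesets into fixable (unrestricted, user-owned), system_owned
    (unrestricted but not changeable) and restricted (already has an IP list)."""
    report: dict[str, list[str]] = {"fixable": [], "system_owned": [], "restricted": []}
    for name, addrs in allowed.items():
        if addrs == ["All"]:
            key = "system_owned" if name in SYSTEM_OWNED_RULESETS else "fixable"
        else:
            key = "restricted"
        report[key].append(name)
    return report


if __name__ == "__main__":
    # On a real host, replace SAMPLE_ALLOWEDIP_OUTPUT with the captured esxcli output.
    summary = classify(parse_allowedip_table(SAMPLE_ALLOWEDIP_OUTPUT))
    for bucket, names in summary.items():
        print(f"{bucket}: {', '.join(names) or '(none)'}")
```

Rulesets listed under "fixable" are the ones the ESXi.firewall-restrict-access control can still be satisfied for; "system_owned" entries will keep the alert firing until the benchmark exclusion described above ships.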