HP FlexFabric Switch NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The HP FlexFabric Switch must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
<VulnDiscussion>In order to ensure network devices have a sufficient storage capacity in which to write the audit logs, they need to be able ...Rule Medium Severity -
SRG-APP-000359-NDM-000294
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
<VulnDiscussion>If security personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for ...Rule Medium Severity -
SRG-APP-000360-NDM-000295
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required....Rule Medium Severity -
SRG-APP-000371-NDM-000296
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must compare internal information system clocks at least every 24 hours with an authoritative time server.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-APP-000372-NDM-000297
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-APP-000373-NDM-000298
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
<VulnDiscussion>The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run ...Rule Medium Severity -
SRG-APP-000374-NDM-000299
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
<VulnDiscussion>If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analys...Rule Medium Severity -
SRG-APP-000375-NDM-000300
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
<VulnDiscussion>Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records....Rule Medium Severity -
SRG-APP-000397-NDM-000312
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must allow the use of a temporary password for system logons with an immediate change to a permanent password.
<VulnDiscussion>Without providing this capability, an account may be created without a password. Non-repudiation cannot be guaranteed once an...Rule Medium Severity -
SRG-APP-000411-NDM-000330
<GroupDescription></GroupDescription>Group -
Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
<VulnDiscussion>This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead...Rule Medium Severity -
SRG-APP-000412-NDM-000331
<GroupDescription></GroupDescription>Group -
Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
<VulnDiscussion>This requires the use of secure protocols instead of their unsecured counterparts, such as SSH instead of telnet, SCP instead...Rule Medium Severity -
SRG-APP-000435-NDM-000315
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must protect against or limit the effects of all known types of Denial of Service (DoS) attacks on the HP FlexFabric Switch management network by employing organization-defined security safeguards.
<VulnDiscussion>DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot ac...Rule Medium Severity -
SRG-APP-000491-NDM-000316
<GroupDescription></GroupDescription>Group -
If the HP FlexFabric Switch uses mandatory access control, the HP FlexFabric Switch must enforce organization-defined mandatory access control policies over all subjects and objects.
<VulnDiscussion>Mandatory access control policies constrain what actions subjects can take with information obtained from data objects for wh...Rule Medium Severity -
SRG-APP-000495-NDM-000318
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-APP-000499-NDM-000319
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
The HP FlexFabric Switch must generate audit records for privileged activities or other system-level access.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-APP-000505-NDM-000322
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit records showing starting and ending time for administrator access to the system.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-APP-000506-NDM-000323
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit records when concurrent logons from different workstations occur.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-APP-000509-NDM-000324
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit records for all account creations, modifications, disabling, and termination events.
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficu...Rule Medium Severity -
SRG-APP-000515-NDM-000325
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must off-load audit records onto a different system or media than the system being audited.
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...Rule Medium Severity -
SRG-APP-000516-NDM-000332
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must notify the administrator of the number of successful logon attempts occurring during an organization-defined time period.
<VulnDiscussion>Administrators need to be aware of activity that occurs regarding their network device management account. Providing administ...Rule Medium Severity -
SRG-APP-000516-NDM-000334
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must generate audit log events for a locally developed list of auditable events.
<VulnDiscussion>Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means...Rule Medium Severity -
SRG-APP-000516-NDM-000335
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must enforce access restrictions associated with changes to the system components.
<VulnDiscussion>Changes to the hardware or software components of the HP FlexFabric Switch can have significant effects on the overall securi...Rule Medium Severity -
SRG-APP-000516-NDM-000340
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must support organizational requirements to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner.
<VulnDiscussion>System-level information includes default and customized settings and security attributes, including ACLs that relate to the ...Rule Low Severity -
SRG-APP-000516-NDM-000342
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must employ automated mechanisms to assist in the tracking of security incidents.
<VulnDiscussion>Despite the investment in perimeter defense technologies, enclaves are still faced with detecting, analyzing, and remediating...Rule Medium Severity -
SRG-APP-000516-NDM-000344
<GroupDescription></GroupDescription>Group -
The HP FlexFabric Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB p...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.