Storage Area Network STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Individual user accounts with passwords are not set up and maintained for the SAN fabric switch.

    Without identification and authentication, unauthorized users could reconfigure the SAN or disrupt its operation by logging in to the fabric switch and executing unauthorized commands. The IAO/NSO w...
    Rule Medium Severity
  • Fabric Switches do not have bidirectional authentication

    Group
  • The SAN must be configured to use bidirectional authentication.

    Switch-to-switch management traffic does not have to be encrypted. Bidirectional authentication ensures that a rogue switch cannot be inserted and be auto configured to join the fabric.
    Rule Medium Severity
  • SAN Switch encryption and DOD PKI

    Group
  • The fabric switches must use DoD-approved PKI rather than proprietary or self-signed device certificates.

    DOD PKI supplies better protection from malicious attacks than userid/password authentication and should be used anytime it is feasible.
    Rule Low Severity
  • SAN Network Management Ports Fabric Switch

    Group
  • Network management ports on the SAN fabric switches, except those needed to support the operational commitments of the sites, are not disabled.

    Enabled network management ports that are not required expose the SAN fabric switch and the entire network to unnecessary vulnerabilities. By disabling these unneeded ports the exposure profile of...
    Rule Medium Severity
  • SAN management out-of-band or direct connect

    Group
  • SAN management is not accomplished using the out-of-band or direct connection method.

    Removing the management traffic from the production network diminishes the security profile of the SAN servers by allowing all the management ports to be closed on the production network. The IAO/N...
    Rule Medium Severity
  • Management Console to SAN Fabric Authentication

    Group
