
Storage Area Network STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Unauthorized IP addresses are allowed Simple Network Management Protocol (SNMP) access to the SAN devices.

    <VulnDiscussion>SNMP, by virtue of what it is designed to do, can be a large security risk. Because SNMP can obtain device information and se...
    Rule High Severity
  • Only Internal Network SNMP Access to SAN

    <GroupDescription></GroupDescription>
    Group
  • The IP addresses of the hosts permitted SNMP access to the SAN management devices do not belong to the internal network.

    <VulnDiscussion>SNMP, by virtue of what it is designed to do, can be a large security risk. Because SNMP can obtain device information and se...
    Rule Medium Severity
  • Fibre Channel network End-User Platform Restricted

    <GroupDescription></GroupDescription>
    Group
  • End-user platforms are directly attached to the Fibre Channel network or access storage devices directly.

    <VulnDiscussion>End-user platforms should only be connected to servers that run applications that access the data found on the SAN devices. ...
    Rule Low Severity
  • Backup of critical SAN Software and configurations

    <GroupDescription></GroupDescription>
    Group
  • Fabric switch configurations and management station configuration are not archived and/or copies of the operating system and other critical software for all SAN components are not stored in a fire rated container or are not collocated with the operational software.

    <VulnDiscussion>Backup and recovery procedures are critical to the security and availability of the SAN system. If a system is compromised,...
    Rule Medium Severity
  • SAN Fixed IP Required.

    <GroupDescription></GroupDescription>
    Group
  • SAN components are not configured with fixed IP addresses.

    <VulnDiscussion>Without fixed IP addresses, filtering or restricting of access based on IP addressing will not function correctly, allowing unaut...
    Rule Medium Severity
  • A current drawing of the site’s SAN topology that includes all external and internal links, zones, and all interconnected equipment is not being maintained.

    <VulnDiscussion>A drawing of the SAN topology gives the IAO and other interested individuals a pictorial representation of the SAN. This can...
    Rule Medium Severity
