Skip to content

Storage Area Network STIG

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Hard zoning is not used to protect the SAN.

    <GroupDescription></GroupDescription>
    Group
  • Hard zoning is not used to protect the SAN.

    &lt;VulnDiscussion&gt;Risk: In a SAN environment, we potentially have data with differing levels or need-to-know stored on the same "system". A h...
    Rule High Severity
  • Compliance with Network Infrastructure and Enclave

    <GroupDescription></GroupDescription>
    Group
  • The SANs are not compliant with overall network security architecture, appropriate enclave, and data center security requirements in the Network Infrastructure STIG and the Enclave STIG

    &lt;VulnDiscussion&gt;Inconsistencies with the Network Infrastructure STIG, the Enclave STIG, and the SAN implementation can lead to the creation o...
    Rule Medium Severity
  • All security related patches are not installed.

    <GroupDescription></GroupDescription>
    Group
  • All security related patches are not installed.

    &lt;VulnDiscussion&gt;Failure to install security related patches leaves the SAN open to attack by exploiting known vulnerabilities. The IAO/NSO wi...
    Rule Medium Severity
  • Component Compliance with applicable STIG

    <GroupDescription></GroupDescription>
    Group
  • Prior to installing SAN components (servers, switches, and management stations) onto the DOD network infrastructure, components are not configured to meet the applicable STIG requirements.

    &lt;VulnDiscussion&gt;Many SAN components (servers, switches, management stations) have security requirements from other STIGs. It will be verifie...
    Rule Medium Severity
  • Servers and hosts OS STIG Requirements

    <GroupDescription></GroupDescription>
    Group
  • Servers and other hosts are not compliant with applicable Operating System (OS) STIG requirements.

    &lt;VulnDiscussion&gt;SAN servers and other hosts are hardware software combinations that actually run under the control of a native OS found on th...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules