Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide
SRG-OS-000123-GPOS-00064
SRG-OS-000123-GPOS-00064
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-OS-000123-GPOS-00064
1 Rule
<GroupDescription></GroupDescription>
The HPE 3PAR OS must be configured to have only one emergency account that can be accessed without LDAP and that has full administrator privileges.
Medium Severity
<VulnDiscussion>While LDAP allows the storage system to support stronger authentication, and provides additional auditing, it also places a dependency on an external entity in the operational environment. The existence of a single local account with a strong password means that administrators can continue to access the storage system in event the LDAP system is temporarily unavailable. A non-LDAP enabled emergency administrator account is required in the event that LDAP fails. This account will allow the organization to successfully administer the system during an LDAP outage. Once LDAP services have been restored, the password for this account must be changed and stored in a DOD approved safe. The product requires at least one local account to be present. However, the administrator must still manually remove all other local accounts, except for the emergency account, after the product has been configured for operation. The 3paradm account is a user bootstrap account. During installation, the user must use it to create a new local super user account. Once that is done, the 3paradm account must be removed. The 3parsvc account is used internally by the system. The 3parsnmp account was created in the fix text for HP3P-33-001300.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>