The HPE 3PAR OS cimserver process must be properly configured to operate in FIPS mode in order to use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

An XCCDF Rule

Description

<VulnDiscussion>Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised. The HPE 3PAR OS cimserver utilizes a vendor-affirmed FIPS module and operates OpenSSL in FIPS mode when configured as described. If the service is not enabled in FIPS mode, it is incorrectly configured.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-255292r971535_rule
Severity: High
References: CCI-000803
Updated: 17 days ago

Stop the cimserver process:
cli% stopcim -f

Reconfigure the cimserver to use only HTTPS on TLSV1.2
cli% setcim -f -http disable
cli% setcim -f -https enablecli% setcim -f -pol tls_strict

Restart the cimserver process:
cli% startcim -f

Wait up to five minutes for CIM to start up and verify it is Enabled/Active 
cli% showcim

Once CIM is active, verify FIPS mode:
cli% controlsecurity fips status

If CIM is "Disabled", this is an error that requires a service escalation.

The HPE 3PAR OS cimserver process must be properly configured to operate in FIPS mode in order to use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

Description

Remediation - Manual Procedure