All the network level devices interconnected to the SAN are not located in a secure room with limited access.
An XCCDF Rule
Description
If the network level devices are not located in a secure area they can be tampered with which could lead to a denial of service if the device is powered off or sensitive data can be compromised by a tap connected to the device. The IAO/NSO will ensure that all the network level devices interconnected to the SAN are located in a secure room with limited access.
| Property | Value |
|---|---|
| Responsibility | Information Assurance Officer |
| IA Controls | PECF-1, PECF-2 |
| Potential Impact | Moving devices can disrupt the SAN environment while the move is taking place. |
- ID
- SV-6751r1_rule
- Version
- SAN04.008.00
- Severity
- Medium
- Updated
Remediation Templates
A Manual Procedure
Develop a plan to move the network level devices to a location/room where the can be physically secured in a manner appropriate to the classification level of the data the handle. Obtain CM approval of the plan and then implement the plan moving the devices.