The fabric switches must use DoD-approved PKI rather than proprietary or self-signed device certificates.
An XCCDF Rule
Description
DoD PKI provides better protection against malicious attacks than user ID/password authentication and should be used whenever it is feasible.
Property | Value |
---|---|
Responsibility | Information Assurance Officer |
Potential Impact | Failure to develop a plan for the coordinated correction of these vulnerabilities across the SAN could lead to a denial of service caused by a disruption or failure of the SAN. |
- ID: SV-6768r2_rule
- Version: SAN04.011.00
- Severity: Low
- Updated
Remediation Templates
A Manual Procedure
Generate a new key-pair from a DoD-approved certificate issuer. Sites must consult the PKI/PKI pages on the http://iase.disa.mil/ website for procedures for NIPRNet and SIPRNet.