Network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites are not disabled.

An XCCDF Rule

Description

Enabled network management ports that are not required expose the SAN fabric switch and the entire network to unnecessary vulnerabilities. By disabling these unneeded ports the exposure profile of the device and network is diminished. The IAO/NSO will disable all network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites.

Documentable
false
Responsibility
Information Assurance Officer, Switch Administrator
IA Controls
DCBP-1

ID
SV-6769r1_rule
Severity
Medium
Updated



Remediation - Manual Procedure

Develop a plan to locate and disable all network management ports that are not required to support the operational commitments of the sites. Obtain CM approval of the plan and then execute the plan.