Communications from the management console to the SAN fabric are not protected strong two-factor authentication.
An XCCDF Rule
Description
<VulnDiscussion>Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Information Assurance Officer</Responsibility><Responsibility>Network Security Officer</Responsibility><IAControls></IAControls>
- ID
- SV-6778r1_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
Develop a plan to migrate to the use of DoD PKI authentication between the SAN management console and the SAN fabric. Obtain CM approval of the plan and implement the plan.