The manufacturer’s default PKI keys have not been changed prior to attaching the switch to the SAN Fabric.
An XCCDF Rule
Description
<VulnDiscussion>If the manufacturer's default PKI keys are allowed to remain active on the device, it can be accessed by a malicious individual with access to the default key. The IAO/NSO will ensure that the manufacturer’s default PKI keys are changed prior to attaching the switch to the SAN Fabric.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts>The manufacturer may need to access the device for maintenance. If the PKI keys cannot be reestablished this will fail.</PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility>Information Assurance Officer</Responsibility><Responsibility>Network Security Officer</Responsibility><IAControls>IAIA-1, IAIA-2</IAControls>
- ID
- SV-6780r1_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
Depending on the functionality allowed by the device, develop a plan remove, disable or change the manufacturer’s default PKI certificate so that it cannot be used for identification and authorization. Obtain CM approval for the plan and implement the plan.