Skip to content
Log In

III - Administrative Public

Rules and Groups employed by this XCCDF Profile

  • Hard zoning is not used to protect the SAN.

    Group
    Show

  • Hard zoning is not used to protect the SAN.

    Risk: In a SAN environment, we potentially have data with differing levels or need-to-know stored on the same "system". A high level of assurance that a valid entity (user/system/process) of one ...
    Rule High Severity
    Show

  • Compliance with Network Infrastructure and Enclave

    Group
    Show

  • The SANs are not compliant with overall network security architecture, appropriate enclave, and data center security requirements in the Network Infrastructure STIG and the Enclave STIG

    Inconsistencies with the Network Infrastructure STIG, the Enclave STIG, and the SAN implementation can lead to the creation of vulnerabilities in the network or the enclave.
    Rule Medium Severity
    Show

  • All security related patches are not installed.

    Group
    Show

  • All security related patches are not installed.

    Failure to install security related patches leaves the SAN open to attack by exploiting known vulnerabilities. The IAO/NSO will ensure that all security-related patches are installed.
    Rule Medium Severity
    Show

  • Component Compliance with applicable STIG

    Group
    Show

  • Prior to installing SAN components (servers, switches, and management stations) onto the DOD network infrastructure, components are not configured to meet the applicable STIG requirements.

    Many SAN components (servers, switches, management stations) have security requirements from other STIGs. It will be verified that all requirement are complied with. The IAO/NSO will ensure that p...
    Rule Medium Severity
    Show

  • Servers and hosts OS STIG Requirements

    Group
    Show

  • Servers and other hosts are not compliant with applicable Operating System (OS) STIG requirements.

    SAN servers and other hosts are hardware software combinations that actually run under the control of a native OS found on the component. This OS may be UNIX, LNIX, Windows, etc. The underlying O...
    Rule Medium Severity
    Show

  • Anti-virus on servers and host.

    Group
    Show

  • Vendor supported, DOD approved, anti-virus software is not installed and configured on all SAN servers in accordance with the applicable operating system STIG on SAN servers and management devices and kept up-to-date with the most recent virus definition tables.

    The SAN servers and other hosts are subject to virus and worm attacks as are any systems running an OS. If the anti-virus software is not installed or the virus definitions are not maintained on t...
    Rule High Severity
    Show

  • SAN Topology Drawing

    Group
    Show

  • A current drawing of the site’s SAN topology that includes all external and internal links, zones, and all interconnected equipment is not being maintained.

    A drawing of the SAN topology gives the IAO and other interested individuals a pictorial representation of the SAN. This can be helpful in diagnosing potential security problems. The IAO/NSO will ...
    Rule Medium Severity
    Show

  • Physical Access to SAN Network Devices

    Group
    Show

  • All the network level devices interconnected to the SAN are not located in a secure room with limited access.

    If the network level devices are not located in a secure area they can be tampered with which could lead to a denial of service if the device is powered off or sensitive data can be compromised by ...
    Rule Medium Severity
    Show

  • SAN Fabric Switch User Accounts with Passwords

    Group
    Show

  • Individual user accounts with passwords are not set up and maintained for the SAN fabric switch.

    Without identification and authentication unauthorized users could reconfigure the SAN or disrupt its operation by logging in to the fabric switch and executing unauthorized commands. The IAO/NSO w...
    Rule Medium Severity
    Show

  • Fabric Switches do not have bidirectional authentication

    Group
    Show

  • The SAN must be configured to use bidirectional authentication.

    Switch-to-switch management traffic does not have to be encrypted. Bidirectional authentication ensures that a rogue switch cannot be inserted and be auto configured to join the fabric.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules