Skip to content
Log In

II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

  • SNMP usage and configuration.

    Group
    Show

  • Simple Network Management Protocol (SNMP) is used and it is not configured in accordance with the guidance contained in the Network Infrastructure STIG.

    There are vulnerabilities in some implementations and some configurations of SNMP. Therefore if SNMP is used the guidelines found in the Network Infrastructure STIG in selecting a version of SNMP ...
    Rule Medium Severity
    Show

  • Authorized IP Addresses allowed for SNMP

    Group
    Show

  • Unauthorized IP addresses are allowed Simple Network Management Protocol (SNMP) access to the SAN devices.

    SNMP, by virtue of what it is designed to do, can be a large security risk. Because SNMP can obtain device information and set device parameters, unauthorized users can cause damage. Restricting I...
    Rule High Severity
    Show

  • Only Internal Network SNMP Access to SAN

    Group
    Show

  • The IP addresses of the hosts permitted SNMP access to the SAN management devices do not belong to the internal network.

    SNMP, by virtue of what it is designed to do, can be a large security risk. Because SNMP can obtain device information and set device parameters, unauthorized users can cause damage. Therefore acc...
    Rule Medium Severity
    Show

  • Fibre Channel network End-User Platform Restricted

    Group
    Show

  • End-user platforms are directly attached to the Fibre Channel network or access storage devices directly.

    End-user platforms should only be connected to servers that run applications that access the data found on the SAN devices. SANs do not supply a robust user identification and authentication platf...
    Rule Low Severity
    Show

  • Backup of critical SAN Software and configurations

    Group
    Show

  • Fabric switch configurations and management station configuration are not archived and/or copies of the operating system and other critical software for all SAN components are not stored in a fire rated container or are not collocated with the operational software.

    .Backup and recovery procedures are critical to the security and availability of the SAN system. If a system is compromised, shut down, or otherwise not available for service, this could hinder th...
    Rule Medium Severity
    Show

  • SAN Fixed IP Required.

    Group
    Show

  • SAN components are not configured with fixed IP addresses.

    Without fixed IP address filtering or restricting of access based on IP addressing will not function correctly allowing unauthorized access to SAN components or creating a denial of service by bloc...
    Rule Medium Severity
    Show

  • The default zone visibility is not set to "none"

    Group
    Show

  • The default zone visibility setting is not set to “none”.

    If the default zone visibility setting is set to "none", new clients brought into the SAN will not be allowed access to any SAN zone they are not explicitly placed into. The IAO/NSO will ensure tha...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules