HP FlexFabric Switch L2S Security Technical Implementation Guide


Overview

Date: 2018-12-21
Finding Count (24): CAT I (High): 1, CAT II (Med): 23, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-66051 High HP FlexFabric Switch must authenticate all network-connected endpoint devices before establishing any connection.
V-66057 Medium The HP FlexFabric Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.
V-66095 Medium The HP FlexFabric Switch must have the native VLAN assigned to a VLAN ID other than the default VLAN ID for all 802.1q trunk links.
V-66059 Medium The HP FlexFabric Switch must provide the capability for authorized users to select a user session to capture.
V-66097 Medium The HP FlexFabric Switch must not have any access switch ports assigned to the native VLAN.
V-66091 Medium The HP FlexFabric Switch must not use the default VLAN for management traffic.
V-66079 Medium The HP FlexFabric Switch must enable Device Link Detection Protocol (DLDP) to protect against one-way connections.
V-66075 Medium The HP FlexFabric Switch must have Dynamic ARP Inspection (DAI) enabled on all user VLANs.
V-66073 Medium The HP FlexFabric Switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.
V-66071 Medium The HP FlexFabric Switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources as well as rate-limit DHCP traffic.
V-66069 Medium The HP FlexFabric Switch must have unknown storm-constrain enabled.
V-66093 Medium The HP FlexFabric Switch must have all user-facing or untrusted ports configured as access switch ports.
V-65961 Medium The HP FlexFabric Switch must be configured to disable non-essential capabilities.
V-66077 Medium The HP FlexFabric Switch must implement Rapid STP where VLANs span multiple switches with redundant links.
V-66053 Medium HP FlexFabric Switch must authenticate all endpoint devices before establishing a network connection using bidirectional authentication that is cryptographically based.
V-66067 Medium The HP FlexFabric Switch must have STP Loop Protection enabled on all non-designated STP switch ports.
V-66083 Medium The HP FlexFabric Switch must only allow a maximum of one registered MAC address per access port.
V-66081 Medium The HP FlexFabric Switch must have all trunk links enabled statically.
V-66087 Medium The HP FlexFabric Switch must not have the default VLAN assigned to any host-facing switch ports.
V-66085 Medium The HP FlexFabric Switch must have all disabled switch ports assigned an unused VLAN.
V-66065 Medium The HP FlexFabric Switch must have BPDU Guard enabled on all user-facing access ports.
V-66089 Medium The HP FlexFabric Switch must have the default VLAN pruned from all trunk ports that do not require it.
V-66061 Medium The HP FlexFabric Switch must provide the capability for authorized users to remotely view, in real time, all content related to an established user session from a component separate from the HP FlexFabric Switch.
V-66063 Medium The HP FlexFabric Switch must have Root Guard enabled on all ports where the root bridge should not appear.