
HP FlexFabric Switch NDM Security Technical Implementation Guide


Overview

Date: 2020-06-03
Finding Count (79): CAT I (High): 2, CAT II (Med): 64, CAT III (Low): 13

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.


Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-66295 High The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.
V-66151 High The HP FlexFabric Switch must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device.
V-66189 Medium The HP FlexFabric Switch must use internal system clocks to generate time stamps for audit records.
V-66281 Medium The HP FlexFabric Switch must off-load audit records onto a different system or media than the system being audited.
V-66283 Medium The HP FlexFabric Switch must notify the administrator of the number of successful logon attempts occurring during an organization-defined time period.
V-66207 Medium If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one upper-case character be used.
V-66287 Medium The HP FlexFabric Switch must enforce access restrictions associated with changes to the system components.
V-66161 Medium Upon successful logon, the HP FlexFabric Switch must notify the administrator of the date and time of the last logon.
V-66171 Medium The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.
V-66245 Medium The HP FlexFabric Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts.
V-66229 Medium The HP FlexFabric Switch must generate an immediate alert for account enabling actions.
V-66273 Medium The HP FlexFabric Switch must generate audit records for privileged activities or other system-level access.
V-66301 Medium The HP FlexFabric switch must be configured to send SNMP traps and notifications to the SNMP manager for the purpose of sending alarms and notifying appropriate personnel as required by specific events.
V-66209 Medium If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one lower-case character be used.
V-66247 Medium The HP FlexFabric Switch must compare internal information system clocks at least every 24 hours with an authoritative time server.
V-66241 Medium The HP FlexFabric Switch must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
V-66269 Medium The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur.
V-66163 Medium Upon successful logon, the HP FlexFabric Switch must notify the administrator of the number of unsuccessful logon attempts since the last successful logon.
V-66155 Medium The HP FlexFabric Switch must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
V-66157 Medium The HP FlexFabric Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-66249 Medium The HP FlexFabric Switch must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
V-66159 Medium The HP FlexFabric Switch must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.
V-66199 Medium The HP FlexFabric Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-66149 Medium The HP FlexFabric Switch must automatically audit account removal actions.
V-66193 Medium The HP FlexFabric Switch must protect audit information from unauthorized modification.
V-66251 Medium The HP FlexFabric Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-66223 Medium The HP FlexFabric Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-66191 Medium The HP FlexFabric Switch must protect audit information from any type of unauthorized read access.
V-66243 Medium The HP FlexFabric Switch must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity.
V-66195 Medium The HP FlexFabric Switch must protect audit information from unauthorized deletion.
V-66219 Medium The HP FlexFabric Switch, when utilizing PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
V-66293 Medium The HP FlexFabric Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-66147 Medium The HP FlexFabric Switch must automatically audit account disabling actions.
V-66291 Medium The HP FlexFabric Switch must employ automated mechanisms to assist in the tracking of security incidents.
V-66221 Medium The HP FlexFabric Switch must map the authenticated identity to the user account for PKI-based authentication.
V-66297 Medium The HP FlexFabric switch must be configured to utilize an authentication server for the purpose of authenticating privilege users, managing accounts, and to centrally verify authentication settings and Personal Identity Verification (PIV) credentials.
V-66267 Medium The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur.
V-66205 Medium The HP FlexFabric Switch must prohibit password reuse for a minimum of five generations.
V-66299 Medium The HP FlexFabric switch must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO.
V-66211 Medium If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one numeric character be used.
V-66257 Medium The HP FlexFabric Switch must allow the use of a temporary password for system logons with an immediate change to a permanent password.
V-66227 Medium The HP FlexFabric Switch must automatically audit account enabling actions.
V-66235 Medium The HP FlexFabric Switch must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.
V-66201 Medium The HP FlexFabric Switch must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity.
V-66237 Medium The HP FlexFabric Switch must notify the administrator, upon successful logon (access), of the location of last logon (terminal or IP address) in addition to the date and time of the last logon (access).
V-66203 Medium The HP FlexFabric Switch must enforce a minimum 15-character password length.
V-66231 Medium If the HP FlexFabric Switch uses discretionary access control, the HP FlexFabric Switch must enforce organization-defined discretionary access control policies over defined subjects and objects.
V-66213 Medium If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one special character be used.
V-66233 Medium If the HP FlexFabric Switch uses role-based access control, the HP FlexFabric Switch must enforce organization-defined role-based access control policies over defined subjects and objects.
V-66143 Medium The HP FlexFabric Switch must automatically audit account creation.
V-66225 Medium Network devices must provide a logoff capability for administrator-initiated communication sessions.
V-66253 Medium The HP FlexFabric Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
V-66263 Medium The HP FlexFabric Switch must protect against or limit the effects of all known types of Denial of Service (DoS) attacks on the HP FlexFabric Switch management network by employing organization-defined security safeguards.
V-66271 Medium The HP FlexFabric Switch must generate audit records when successful/unsuccessful logon attempts occur.
V-66261 Medium Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
V-66255 Medium The HP FlexFabric Switch must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision.
V-66275 Medium The HP FlexFabric Switch must generate audit records showing starting and ending time for administrator access to the system.
V-66215 Medium The HP FlexFabric Switch must enforce 24 hours/1 day as the minimum password lifetime.
V-66277 Medium The HP FlexFabric Switch must generate audit records when concurrent logons from different workstations occur.
V-66279 Medium The HP FlexFabric Switch must generate audit records for all account creations, modifications, disabling, and termination events.
V-66265 Medium If the HP FlexFabric Switch uses mandatory access control, the HP FlexFabric Switch must enforce organization-defined mandatory access control policies over all subjects and objects.
V-66145 Medium The HP FlexFabric Switch must automatically audit account modification.
V-66153 Medium The HP FlexFabric Switch must enforce approved authorizations for controlling the flow of management information within the HP FlexFabric Switch based on information flow control policies.
V-66217 Medium The HP FlexFabric Switch must enforce a 60-day maximum password lifetime restriction.
V-66259 Medium Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
V-66285 Medium The HP FlexFabric Switch must generate audit log events for a locally developed list of auditable events.
V-66183 Low The HP FlexFabric Switch must produce audit records that contain information to establish the outcome of the event.
V-66181 Low The HP FlexFabric Switch must produce audit log records containing information to establish the source of events.
V-66187 Low The HP FlexFabric Switch must generate audit records containing the full-text recording of privileged commands.
V-66185 Low The HP FlexFabric Switch must generate audit records containing information that establishes the identity of any individual or process associated with the event.
V-66165 Low The HP FlexFabric Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.
V-66289 Low The HP FlexFabric Switch must support organizational requirements to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner.
V-66177 Low The HP FlexFabric Switch must produce audit records containing information to establish when (date and time) the events occurred.
V-66175 Low The HP FlexFabric Switch must produce audit log records containing sufficient information to establish what type of event occurred.
V-66173 Low The HP FlexFabric Switch must initiate session auditing upon startup.
V-66179 Low The HP FlexFabric Switch must produce audit records containing information to establish where the events occurred.
V-66141 Low The HP FlexFabric Switch must automatically disable accounts after a 35-day period of account inactivity.
V-66167 Low The HP FlexFabric Switch must provide audit record generation capability for DoD-defined auditable events within the HP FlexFabric Switch.
V-65963 Low The HP FlexFabric Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.