UCF STIG Viewer Logo

HPE 3PAR SSMC Operating System Security Technical Implementation Guide


Date Finding Count (14)
2022-10-13 CAT I (High): 0 CAT II (Med): 12 CAT III (Low): 2
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-255237 Medium Any publicly accessible connection to SSMC must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.
V-255250 Medium SSMC must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
V-255248 Medium SSMC must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
V-255238 Medium SSMC must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system.
V-255239 Medium SSMC must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
V-255241 Medium SSMC must enforce a minimum 15-character password length.
V-255240 Medium SSMC must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
V-255243 Medium SSMC must be configured to offload logs to a SIEM that is configured to alert the ISSO or SA when the local built-in admin account (ssmcadmin) is accessed.
V-255242 Medium SSMC must generate error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
V-255245 Medium For PKI-based authentication, SSMC must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor.
V-255244 Medium SSMC must synchronize internal information system clocks to the authoritative time source when the time difference is greater than one second.
V-255247 Medium SSMC must terminate all network connections associated with a communications session at the end of the session, or as follows: for in-band management sessions (privileged sessions), the session must be terminated after 10 minutes of inactivity.
V-255249 Low SSMC must provide audit record generation capability for DOD-defined auditable events for all operating system components.
V-255246 Low SSMC must enforce the limit of three consecutive invalid logon attempts by a nonadministrative user.