The storage system must implement cryptographic mechanisms to prevent unauthorized modification or disclosure of all information at rest on all storage system components.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-237819 | HP3P-32-001200 | SV-237819r647866_rule | Low |
| Description |
|---|
| Operating systems handling data requiring “data at rest” protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest. Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields). Satisfies: SRG-OS-000404-GPOS-00183, SRG-OS-000405-GPOS-00184 |
| STIG | Date |
|---|---|
| HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide | 2021-11-23 |
Details
| Check Text ( C-41029r647864_chk ) |
|---|
| Review the requirements by the Information Owner to discover whether the system stores sensitive or classified information. If the system does not store sensitive or classified information, this is not applicable. Verify that data at rest encryption is enabled by entering the following command: cli% controlencryption status Licensed | Enabled | BackupSaved | State | SeqNum | Keystore yes | Yes | no | normal | 0 | --- If the "Enabled" flag is not set to "Yes" as shown in the output above, this is a finding. |
| Fix Text (F-40988r647865_fix) |
|---|
| Contact an authorized installer to enable the data-at-rest encryption feature. The data at rest encryption feature has hardware and licensing pre-requisites which must be verified by an authorized installer prior to enabling the feature. |