HPE Nimble Storage Array Security Technical Implementation Guide


Overview

Date: 2022-03-16
Finding Count (19): CAT I (High): 4, CAT II (Med): 15, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-252197 High The HPE Nimble must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.
V-252199 High The HPE Nimble must forward critical alerts (at a minimum) to the system administrators and the ISSO.
V-252200 High The HPE Nimble must be running an operating system release that is currently supported by the vendor.
V-252196 High The HPE Nimble must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity.
V-252187 Medium The HPE Nimble must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.
V-252186 Medium The HPE Nimble must initiate a session lock after a 15-minute period of inactivity.
V-252194 Medium The HPE Nimble must enforce password complexity by requiring that at least one special character be used.
V-252190 Medium The HPE Nimble must enforce a minimum 15-character password length.
V-252191 Medium The HPE Nimble must enforce password complexity by requiring that at least one upper-case character be used.
V-252192 Medium The HPE Nimble must enforce password complexity by requiring that at least one lower-case character be used.
V-252193 Medium The HPE Nimble must enforce password complexity by requiring that at least one numeric character be used.
V-252203 Medium The HPE Nimble must configure a syslog server onto a different system or media than the system being audited.
V-252198 Medium The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
V-252189 Medium The HPE Nimble must not have any default manufacturer passwords when deployed.
V-252195 Medium The HPE Nimble must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
V-252202 Medium The HPE Nimble must be configured to synchronize internal information system clocks using an authoritative time source.
V-252902 Medium HPE Nimble must be configured to disable HPE InfoSight.
V-252188 Medium The HPE Nimble must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-252201 Medium The HPE Nimble must limit the number of concurrent sessions to an organization-defined number for each administrator account.