The HPE Nimble must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-252188 | HPEN-NM-000030 | SV-252188r814044_rule | Medium |
| Description |
|---|
| Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users. |
| STIG | Date |
|---|---|
| HPE Nimble Storage Array Security Technical Implementation Guide | 2022-03-16 |
Details
| Check Text ( C-55644r814042_chk ) |
|---|
| Attempt a login to NimOS by typing "ssh username@array", where username is a valid user, and array is an array DNS name. If the correct DoD banner is not displayed before a password prompt, this is a finding. |
| Fix Text (F-55594r814043_fix) |
|---|
| Type "group --edit --login_banner", and then copy-paste or type the required banner. Then, to display the banner before login, type "group --edit --login_banner_after_auth no". |