
NetApp ONTAP DSC 9.x Security Technical Implementation Guide


Overview

Date: 2022-06-07
Finding Count (30): CAT I (High): 7, CAT II (Med): 23, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-246940 High ONTAP must be configured to use an authentication server to provide multifactor authentication.
V-246946 High ONTAP must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.
V-246964 High ONTAP must be configured to send audit log data to a central log server.
V-246927 High ONTAP must enforce administrator privileges based on their defined roles.
V-246959 High ONTAP must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-246958 High ONTAP must be configured to implement cryptographic mechanisms using FIPS 140-2.
V-246930 High ONTAP must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
V-246947 Medium ONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.
V-246944 Medium ONTAP must be configured to conduct backups of system level information.
V-246945 Medium ONTAP must use DoD-approved PKI rather than proprietary or self-signed device certificates.
V-246948 Medium ONTAP must implement replay-resistant authentication mechanisms for network access to privileged accounts.
V-246949 Medium ONTAP must be configured to authenticate SNMP messages using FIPS-validated Keyed-HMAC.
V-246963 Medium ONTAP must be configured to use a data authentication key to safeguard against denial-of-service (DoS) attacks.
V-246922 Medium ONTAP must be configured to limit the number of concurrent sessions.
V-246923 Medium ONTAP must be configured to create a session lock after 15 minutes.
V-246925 Medium ONTAP must automatically audit account-enabling actions.
V-246926 Medium ONTAP must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
V-246955 Medium ONTAP must enforce password complexity by requiring that at least one special character be used.
V-246954 Medium ONTAP must enforce password complexity by requiring that at least one numeric character be used.
V-246951 Medium ONTAP must enforce a minimum 15-character password length.
V-246950 Medium ONTAP must authenticate NTP sources using authentication that is cryptographically based.
V-246953 Medium ONTAP must enforce password complexity by requiring that at least one lowercase character be used.
V-246952 Medium ONTAP must enforce password complexity by requiring that at least one uppercase character be used.
V-246933 Medium ONTAP must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
V-246932 Medium ONTAP must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-246931 Medium ONTAP must be configured to enforce the limit of three consecutive failed logon attempts.
V-246936 Medium ONTAP must be configured to synchronize internal information system clocks using redundant authoritative time sources.
V-246935 Medium ONTAP must have audit guarantee enabled.
V-246939 Medium ONTAP must enforce access restrictions associated with changes to the device configuration.
V-246938 Medium ONTAP must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).