Storage Area Network STIG


Overview

Date: 2018-10-03
Finding Count (20): CAT I (High): 4, CAT II (Med): 12, CAT III (Low): 4
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-6623 High Vendor supported, DOD approved, anti-virus software is not installed and configured on all SAN servers in accordance with the applicable operating system STIG on SAN servers and management devices and kept up-to-date with the most recent virus definition tables.
V-6608 High Hard zoning is not used to protect the SAN.
V-6656 High Unauthorized IP addresses are allowed Simple Network Management Protocol (SNMP) access to the SAN devices.
V-6647 High The SAN fabric zoning lists are not based on a policy of Deny-by-Default with blocks on all services and protocols not required on the given port or by the site.
V-6622 Medium Servers and other hosts are not compliant with applicable Operating System (OS) STIG requirements.
V-6636 Medium SAN management is not accomplished using the out-of-band or direct connection method.
V-6633 Medium The SAN must be configured to use bidirectional authentication.
V-6628 Medium A current drawing of the site’s SAN topology that includes all external and internal links, zones, and all interconnected equipment is not being maintained.
V-7081 Medium SAN components are not configured with fixed IP addresses.
V-6619 Medium Prior to installing SAN components (servers, switches, and management stations) onto the DOD network infrastructure, components are not configured to meet the applicable STIG requirements.
V-6652 Medium Simple Network Management Protocol (SNMP) is used and it is not configured in accordance with the guidance contained in the Network Infrastructure STIG.
V-6635 Medium Network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites are not disabled.
V-6613 Medium All security related patches are not installed.
V-6610 Medium The SANs are not compliant with overall network security architecture, appropriate enclave, and data center security requirements in the Network Infrastructure STIG and the Enclave STIG.
V-6605 Medium The default zone visibility setting is not set to “none”.
V-6661 Medium Fabric switch configurations and management station configuration are not archived and/or copies of the operating system and other critical software for all SAN components are not stored in a fire rated container or are not collocated with the operational software.
V-6637 Low Communications from the management console to the SAN fabric are not protected by strong two-factor authentication.
V-6609 Low SAN devices are not added to the site System Security Authorization Agreement (SSAA).
V-6648 Low Attempts to access ports, protocols, or services that are denied are not logged.
V-6660 Low End-user platforms are directly attached to the Fibre Channel network or access storage devices directly.