SAN devices are not added to the site System Security Authorization Agreement (SSAA).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6609 | SAN04.001.00 | SV-6729r1_rule | Low |
| Description |
|---|
| All hardware and software will be entered into the SSAA. This gives a central location where it can be shown that all interested parties have reviewed the impact on their security posture and approved the implementation of the SAN. The IAO/NSO will ensure that SAN devices are added to the site System Security Authorization Agreement (SSAA). |
| STIG | Date |
|---|---|
| Storage Area Network STIG | 2018-10-03 |
Details
| Check Text ( C-2439r1_chk ) |
|---|
| The reviewer will interview the IAO/NSO to validate that SAN devices are added to the site System Security Authorization Agreement (SSAA). |
| Fix Text (F-6198r1_fix) |
|---|
| Update the SSAA following the SSAA review and acceptance procedures to include the SAN. |