Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6639 | SAN04.016.00 | SV-6783r1_rule | Low |
Description |
---|
The communication between the SAN management consol and the SAN fabric carries sensitive privileged configuration data. This data's confidentiality will be protected with FIPS 140-1/2 validate algorithm for encryption. Configuration data could be used to create a denial of service by disrupting the SAN fabric. The storage administrator will configure the SAN to use FIPS 140-1/2 validated encryption algorithm to protect management-to-fabric communications. |
STIG | Date |
---|---|
Storage Area Network STIG | 2018-10-03 |
Check Text ( C-2555r1_chk ) |
---|
The reviewer will, with the assistance of the storage administrator, verify that the SAN is configured to use FIPS 140-1/2 validated encryption algorithm to protect management-to-fabric communications. |
Fix Text (F-6240r1_fix) |
---|
Develop a plan to implement FIPS-140-1/2 validated encryption to protect management-to-fabric communications. Obtain CM approval of the plan and execute the plan. |