Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6646 | SAN04.018.00 | SV-6792r1_rule | High |
Description |
---|
The changing of passwords from the default value blocks malicious users with knowledge of the default passwords for the manufacturer's SAN Management software from creating a denial of service by disrupting the SAN or reconfigure the SAN topology leading to a compromise of sensitive data. The IAO/NSO will ensure that the manufacturer’s default passwords are changed for all SAN management software. |
STIG | Date |
---|---|
Storage Area Network STIG | 2018-10-03 |
Check Text ( C-2572r1_chk ) |
---|
The reviewer will, with the assistance of the IAO/NSO, verify that the manufacturer’s default passwords have been changed for all SAN management software. |
Fix Text (F-6249r1_fix) |
---|
Develop a plan to change manufacturer’s default passwords for all SAN management software. Obtain CM approval of the plan and implement the plan. |