Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6660 | SAN04.024.00 | SV-6807r1_rule | DCBP-1 | Low |
Description |
---|
End-user platforms should only be connected to servers that run applications that access the data found on the SAN devices. SANs do not supply a robust user identification and authentication platform. They depend on the servers and applications to authenticate the users and restrict access to users as required. The IAO/NSO will ensure that end-user platforms are not directly attached to the Fibre Channel network and may not access storage devices directly. |
STIG | Date |
---|---|
Storage Area Network STIG | 2018-10-03 |
Check Text ( C-2586r1_chk ) |
---|
The reviewer will, with the assistance of the IAO/NSO, verify that end-user platforms are not directly attached to the Fibre Channel network and may not access storage devices directly. If the SAN is small with all of its components collocated, this can be done by a visual inspection but in most cases the reviewer will have to check the SAN network drawing. |
Fix Text (F-6255r1_fix) |
---|
Develop a plan to remove end-user platforms from the SAN. Obtain CM approval for the plan and implement the plan. |