Storage Area Network STIG


Overview

| Date | Finding Count (19) |
|---|---|
| 2019-06-28 | CAT I (High): 4, CAT II (Med): 12, CAT III (Low): 3 |

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Public)

| Finding ID | Severity | Title |
|---|---|---|
| V-6623 | High | Vendor supported, DOD approved, anti-virus software is not installed and configured on all SAN servers in accordance with the applicable operating system STIG on SAN servers and management devices and kept up-to-date with the most recent virus definition tables. |
| V-6608 | High | Hard zoning is not used to protect the SAN. |
| V-6656 | High | Unauthorized IP addresses are allowed Simple Network Management Protocol (SNMP) access to the SAN devices. |
| V-6647 | High | The SAN fabric zoning lists are not based on a policy of Deny-by-Default with blocks on all services and protocols not required on the given port or by the site. |
| V-6622 | Medium | Servers and other hosts are not compliant with applicable Operating System (OS) STIG requirements. |
| V-6636 | Medium | SAN management is not accomplished using the out-of-band or direct connection method. |
| V-6633 | Medium | The SAN must be configured to use bidirectional authentication. |
| V-6628 | Medium | A current drawing of the site’s SAN topology that includes all external and internal links, zones, and all interconnected equipment is not being maintained. |
| V-7081 | Medium | SAN components are not configured with fixed IP addresses. |
| V-6619 | Medium | Prior to installing SAN components (servers, switches, and management stations) onto the DOD network infrastructure, components are not configured to meet the applicable STIG requirements. |
| V-6652 | Medium | Simple Network Management Protocol (SNMP) is used and it is not configured in accordance with the guidance contained in the Network Infrastructure STIG. |
| V-6635 | Medium | Network management ports on the SAN fabric switches except those needed to support the operational commitments of the sites are not disabled. |
| V-6613 | Medium | All security related patches are not installed. |
| V-6610 | Medium | The SANs are not compliant with overall network security architecture, appropriate enclave, and data center security requirements in the Network Infrastructure STIG and the Enclave STIG. |
| V-6605 | Medium | The default zone visibility setting is not set to “none”. |
| V-6661 | Medium | Fabric switch configurations and management station configuration are not archived and/or copies of the operating system and other critical software for all SAN components are not stored in a fire rated container or are not collocated with the operational software. |
| V-6637 | Low | Communications from the management console to the SAN fabric are not protected by strong two-factor authentication. |
| V-6648 | Low | Attempts to access ports, protocols, or services that are denied are not logged. |
| V-6660 | Low | End-user platforms are directly attached to the Fibre Channel network or access storage devices directly. |