UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Communications from the management console to the SAN fabric are not protected strong two-factor authentication.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6637 SAN04.014.00 SV-6778r1_rule Low
Description
Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.
STIG Date
Storage Area Network STIG 2019-06-28

Details

Check Text ( C-2544r1_chk )
The reviewer will, with the assistance of the IAO/NSO, verify that communications from the management console to the SAN fabric are protected using DOD PKI. If another method of two-factor authentication is used, then inspect approval documentation.

If two-factor authentication is not used, this is a finding.

If two-factor authentication method is not DoD PKI and no approval documentation exists, this is a finding.
Fix Text (F-6235r1_fix)
Develop a plan to migrate to the use of DoD PKI authentication between the SAN management console and the SAN fabric. Obtain CM approval of the plan and implement the plan.