All SAN management consoles and ports are not password protected.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-6645 | SAN04.017.00 | SV-6791r1_rule | High |
| Description |
|---|
| Without password protection malicious users can create a denial of service by disrupting the SAN or allow the compromise of sensitive date by reconfiguring the SAN topography. The IAO/NSO will ensure that all SAN management consoles and ports are password protected. |
| STIG | Date |
|---|---|
| Storage Area Network STIG | 2019-06-28 |
Details
| Check Text ( C-2571r1_chk ) |
|---|
| The reviewer will, with the assistance of the IAO/NSO, verify that all SAN management consoles and ports are password protected. |
| Fix Text (F-6248r1_fix) |
|---|
| Develop a plan for implementing password protection on the SAN’s management consoles and ports. Obtain CM approval of the plan and execute the plan. |