iSCSI passwords are not compliant with DoD policy.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15791	ESX0090	SV-16730r1_rule		Medium

Description
Storage administrators will protect storage configuration data from unauthorized users by using passwords that are in accordance with the policy in DoDI 8500.2

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-15978r1_chk )
Work with the system administrator to determine compliance. Request the system administrator login to the iSCSI storage device and verify that the password is 14 characters. Review the complexity requirements are met by reviewing the configuration with the system administrator. The complexity requirements are one upper case letter, one lower case letter, one special character, and one number. If the password does not meet these requirements, this is a finding.

Check Text ( C-15978r1_chk )

Work with the system administrator to determine compliance. Request the system administrator login to the iSCSI storage device and verify that the password is 14 characters. Review the complexity requirements are met by reviewing the configuration with the system administrator. The complexity requirements are one upper case letter, one lower case letter, one special character, and one number. If the password does not meet these requirements, this is a finding.

Fix Text (F-15733r1_fix)
Configure all iSCSI passwords according to DoD policy.