SAN resources must be masked and zoned appropriately.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-OS-99999-ESXI5-000150 | SRG-OS-99999-ESXI5-000150 | SRG-OS-99999-ESXI5-000150_rule | Low |
| Description |
|---|
| SAN activity must be segregated via zoning and LUN masking. Use of zoning must also take into account any host groups on the SAN device(s). |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-SRG-OS-99999-ESXI5-000150_chk ) |
|---|
| Zoning and masking capabilities for each SAN switch and disk array are vendor specific. Ask the SA if a SAN device is used to support hosts. If a SAN device is deployed and zoning/masking is not used, this is a finding. If SAN devices are not used, this is not a finding. |
| Fix Text (F-SRG-OS-99999-ESXI5-000150_fix) |
|---|
| If SAN devices are used, a vendor-specific procedure must be developed and documented to mask/zone host LUNs. |