HPE 3PAR StoreServ 3.2.x STIG Version Comparison

There are 4 differences between versions v1 r2 (Jan. 27, 2017) (the "left" version) and v2 r1 (Jan. 27, 2022) (the "right" version).

Check HP3P-32-001006 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The CIM service must use DoD-approved encryption.

Check Content

Determine if the CIM service is running with proper encryption via the following command: cli% showcim If the CIM service is "Disabled" and the CIM service "State" is "Inactive", this requirement is not applicable. If the output does not report the CIM HTTP value is "Disabled", this is a finding. If the output does not report the CIM HPPTSPort value is "5989", this is a finding.

Discussion

Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. Facilitating the confidentiality and integrity of transmitted information requires the operating system to take measures in preparing information for transmission. This can be accomplished via encryption. This requirement applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, and facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.

Fix

Disable unsecured CIM ports and enable secured CIM ports with the following command: cli% setcim -http disable -https enable Confirm the operation with "y"