Check: SAN04.017.00
Storage Area Network STIG:
SAN04.017.00
(in versions v2 r4 through v2 r2)
Title
All SAN management consoles and ports are not password protected. (Cat I impact)
Discussion
Without password protection malicious users can create a denial of service by disrupting the SAN or allow the compromise of sensitive date by reconfiguring the SAN topography. The IAO/NSO will ensure that all SAN management consoles and ports are password protected.
Check Content
The reviewer will, with the assistance of the IAO/NSO, verify that all SAN management consoles and ports are password protected.
Fix Text
Develop a plan for implementing password protection on the SAN’s management consoles and ports. Obtain CM approval of the plan and execute the plan.
Additional Identifiers
Rule ID: SV-6791r1_rule
Vulnerability ID: V-6645
Group Title: Password SAN Management Console and Ports
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |