Check: SAN04.010.00
Storage Area Network STIG:
SAN04.010.00
(in versions v2 r4 through v2 r3)
Title
The SAN must be configured to use bidirectional authentication. (Cat II impact)
Discussion
Switch-to-switch management traffic does not have to be encrypted. Bidirectional authentication ensures that a rogue switch cannot be inserted and be auto configured to join the fabric.
Check Content
Verify that all fabric switches are configured to bidirectional authentication.
Fix Text
Configure the SAN fabric switches to use bidirectional authentication between switches.
Additional Identifiers
Rule ID: SV-6753r2_rule
Vulnerability ID: V-6633
Group Title: Fabric Switches do not have bidirectional authentication
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |