Title

Servers and other hosts are not compliant with applicable Operating System (OS) STIG requirements. (Cat II impact)

Discussion

SAN servers and other hosts are hardware software combinations that actually run under the control of a native OS found on the component. This OS may be UNIX, LNIX, Windows, etc. The underlying OS must be configured to be compliant with the applicable STIG to ensure that they do not insert known vulnerabilities into the DOD network infrastructure. The IAO/NSO will ensure that servers and other hosts are compliant with applicable Operating System (OS) STIG requirements.

Check Content

The reviewer will interview the IAO/NSO and view the VMS to verify that servers and other hosts are compliant with applicable Operating System (OS) STIG requirements.

Fix Text

Perform a self assessment using the applicable OS checklists or scripts on any server or host in the SAN that has not been reviewer or request a formal review from FSO.

Additional Identifiers

Rule ID: SV-6742r1_rule

Vulnerability ID: V-6622

Group Title: Servers and hosts OS STIG Requirements

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.