The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-217483 | HFFS-ND-000140 | SV-217483r961863_rule | CCI-000366 | high |
| Description | ||||
| In the event the network device loses connectivity to the management network authentication service, only a local account can gain access to the switch to perform configuration and maintenance. Without this capability, the network device is inaccessible to administrators. | ||||
| STIG | Date | |||
| HP FlexFabric Switch NDM Security Technical Implementation Guide | 2025-06-12 | |||
Details
Check Text (C-217483r961863_chk)
Verify that the switch is configured with a local user that has full access by entering the following command: display local-user user-name <name of user account>.
The user role list should contain the following: network-admin, network-operator
If the switch does not have a local user with full access, this is a finding.
Fix Text (F-18705r293125_fix)
Configure the switch with a local user account that has network-admin and network-operator role.
[5900]local-user adminxxx
[5900-luser-manage-adminxxx]authorization-attribute user-role network-admin (or level=15)
[5900-luser-manage-adminxxx]authorization-attribute user-role network-operator
[5900-luser-manage-adminxxx]service-type terminal
[5900-luser-manage-adminxxx]password hash xxxxxxxxxxxxxx