| V-283358 | | The HPE Alletra Storage ArcusOS device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device. | Displaying the DOD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is c... |
| V-283378 | | The HPE Alletra Storage ArcusOS device must be configured with only one local interactive account to be used as the account of last resort in the event the authentication server is unavailable. | Authentication for administrative (privileged level) access to the device is required at all times. An account can be created on the device's local da... |
| V-283381 | | The HPE Alletra Storage ArcusOS device must enforce a minimum 15-character password length. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password ... |
| V-283382 | | The HPE Alletra Storage ArcusOS device must enforce password complexity by requiring at least one uppercase character, one lowercase character, one numeric character, and one special character be used. | Use of complex passwords helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure ... |
| V-283400 | | The HPE Alletra Storage ArcusOS device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | Network devices must be able to allocate audit record storage capacity to ensure sufficient storage capacity in which to write the audit logs. The tas... |
| V-283401 | | The HPE Alletra Storage ArcusOS device must allocate a set number of audit records that can be stored on the system in accordance with organization-defined audit record storage requirements. | Network devices must be able to allocate audit record storage capacity to ensure sufficient storage capacity in which to write the audit logs. The tas... |
| V-283402 | | The HPE Alletra Storage ArcusOS device must have an SNMPv3 user account configured. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time aler... |
| V-283403 | | The HPE Alletra Storage ArcusOS device must be configured to collect and send SNMPv3 notifications. | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time aler... |
| V-283404 | | The HPE Alletra Storage ArcusOS device must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis.
Time stamps generate... |
| V-283409 | | The HPE Alletra Storage ArcusOS device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time aler... |
| V-283410 | | The HPE Alletra Storage ArcusOS device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | If NTP is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to ne... |
| V-283414 | | The HPE Alletra Storage ArcusOS device must install security-relevant firmware updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs). | Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vu... |
| V-283437 | | The HPE Alletra Storage ArcusOS device must be configured to protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths. | To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within d... |
| V-283377 | | The HPE Alletra Storage ArcusOS device must be configured to prohibit using all unnecessary and/or nonsecure ports, protocols, and/or services. | To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within d... |
| V-283387 | | The HPE Alletra Storage ArcusOS device must use FIPS 140-approved algorithms for authentication to a cryptographic module. | Passwords must be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be ... |
| V-283388 | | The HPE Alletra Storage ArcusOS device must terminate all network connections at the end of the session, or the session must be terminated after five minutes of inactivity, except to fulfill documented and validated mission requirements. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management se... |
| V-283425 | | The HPE Alletra Storage ArcusOS device must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important... |
| V-283429 | | The HPE Alletra Storage ArcusOS device must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). For boundary devices, two log servers are required. | The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stor... |
| V-283430 | | The HPE Alletra Storage ArcusOS device must be running an operating system release that is currently supported by the vendor. | Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilit... |
