The HPE Alletra Storage ArcusOS device must install security-relevant firmware updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-283414 | ASMP-ND-000900 | SV-283414r1194936_rule | CCI-002605 | medium |
| Description | ||||
| Security flaws with firmware are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. Organizations (including any contractor to the organization) are required to promptly install security-relevant firmware updates. Flaws discovered during security assessments, continuous monitoring, incident response activities, or information system error handling must also be addressed expeditiously. | ||||
| STIG | Date | |||
| HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide | 2026-03-03 | |||
Details
Check Text (C-283414r1194936_chk)
Verify software updates are consistently applied to the HPE Alletra Storage ArcusOS device within the time frame defined for each patch.
Check the software version:
cli% showversion
Release version 10.3.0
Component Name Version
CLI Server 10.3.0
CLI Client 10.3.0
System Manager 10.3.0
Kernel 10.3.0
IO Stack 10.3.0
Drive Firmware 10.3.0
Enclosure Firmware 10.3.0
Upgrade Tool 61 (231107)
If the HPE Alletra Storage ArcusOS device does not have security-relevant updates installed within the time period directed by the authoritative source, this is a finding.
Fix Text (F-87884r1194935_fix)
Install the latest approved update through the web UI.
1. Select "system" from left navigation pane.
2. Select "software" from main navigation pane.
3. Select "Load an update package" from the Actions pane.
4. Choose a file location from which to upload.
5. Return to the software screen and select "Update software" from the Actions pane.
6. Verify the version selected for update is listed/selected, and then click "Install".