HPE Alletra Storage ArcusOS Web Server Security Technical Implementation Guide
Overview
| Version | Date | Finding Count (6) | Downloads | ||
| V1R1 | 2026-03-03 | CAT I (High): 0 | CAT II (Medium): 6 | CAT III (Low): 0 | |
| STIG Description |
| This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. |
Findings - MAC I - Mission Critical Classified
| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-283027 | The HPE Alletra Storage ArcusOS device must implement cryptographic mechanisms to prevent unauthorized disclosure and modification of all information at rest on all system components. | Data at rest is inactive data which is stored physically in any digital form (e.g., databases, data warehouses, spreadsheets, archives, tapes, off-sit... | |
| V-283037 | The HPE Alletra Storage ArcusOS device must set an inactive timeout for sessions. | Leaving sessions open indefinitely is a major security risk. An attacker can easily use an already authenticated session to access the hosted applicat... | |
| V-283038 | The HPE Alletra Storage ArcusOS device must disable remote access. | Remote access to the web server is any access that communicates through an external, nonorganization-controlled network. Remote access can be used to ... | |
| V-283073 | The HPE Alletra Storage ArcusOS device must have an SNMPv3 user account configured. | Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and... | |
| V-283074 | The HPE Alletra Storage ArcusOS device must be configured to collect and send SNMPv3 notifications. | Audit information includes all information needed to successfully audit system activity, such as audit records, audit log settings, audit reports, and... | |
| V-283090 | The HPE Alletra Storage ArcusOS device must utilize trusted and authorized certificates. | Public key infrastructure (PKI) certificates are certificates with visibility external to organizational systems and certificates related to the inter... |