| V-252196 | | The HPE Nimble must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity. | Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management se... |
| V-252197 | | The HPE Nimble must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access. | Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important... |
| V-252199 | | The HPE Nimble must forward critical alerts (at a minimum) to the system administrators and the ISSO. | Alerts are essential to let the system administrators and security personnel know immediately of issues which may impact the system or users. If these... |
| V-252200 | | The HPE Nimble must be running an operating system release that is currently supported by the vendor. | Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilit... |
| V-252186 | | The HPE Nimble must initiate a session lock after a 15-minute period of inactivity. | A session lock is a temporary network device or administrator-initiated action taken when the administrator stops work but does not log out of the net... |
| V-252187 | | The HPE Nimble must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes. | By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, ... |
| V-252188 | | The HPE Nimble must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is c... |
| V-252190 | | The HPE Nimble must enforce a minimum 15-character password length. | Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password ... |
| V-252191 | | The HPE Nimble must enforce password complexity by requiring that at least one uppercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measur... |
| V-252192 | | The HPE Nimble must enforce password complexity by requiring that at least one lowercase character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-252193 | | The HPE Nimble must enforce password complexity by requiring that at least one numeric character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-252194 | | The HPE Nimble must enforce password complexity by requiring that at least one special character be used. | Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure... |
| V-252195 | | The HPE Nimble must require that when a password is changed, the characters are changed in at least eight of the positions within the password. | If the application allows the user to consecutively reuse extensive portions of passwords, this increases the chances of password compromise by increa... |
| V-252198 | | The HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB policy. For federal agenci... |
| V-252201 | | The HPE Nimble must limit the number of concurrent sessions to an organization-defined number for each administrator account. | Device management includes the ability to control the number of administrators and management sessions that manage a device. Limiting the number of al... |
| V-252202 | | The HPE Nimble must be configured to synchronize internal information system clocks using an authoritative time source. | The loss of connectivity to a particular authoritative time source will result in the loss of time synchronization (free-run mode) and increasingly in... |
| V-252203 | | The HPE Nimble must configure a syslog server onto a different system or media than the system being audited. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. UDP is used to communicate between the array gro... |
| V-252902 | | HPE Nimble must be configured to disable HPE InfoSight. | DoD requires that the Mission Owner uses only the cloud services offering listed in either the FedRAMP or DISA PA DoD Cloud Catalog to host Unclassifi... |
| V-259800 | | HPE Nimble must not be configured to use "HPE Greenlake: Data Services Cloud Console". | DOD requires that the Mission Owner uses only the cloud services offering listed in either the FedRAMP or DISA PA DOD Cloud Catalog to host Unclassifi... |
| V-259801 | | HPE Alletra 5000/6000 must be configured to disable management by "HPE Greenlake: Data Services Cloud Console". | DOD requires that the Mission Owner uses only the cloud services offering listed in either the FedRAMP or DISA PA DOD Cloud Catalog to host Unclassifi... |