From Storage Area Network STIG
Part of SAN Switch encryption and DOD PKI
Associated with IA controls: ECNK-1, IAIA-2, IAIA-1
Failure to provide encryption for SAN switches that handle sensitive data can lead to the compromise of sensitive data. DOD PKI will supplies better protection from malicious attacks than userid/password authentication and should be used anytime it is feasible. If manufactures default keys are not changed prior to connection to the network the switch will be vulnerable to malicious attacks by individuals who know these keys.
The reviewer will, with the assistance of the IAO/NSO, verify that fabric switches are protected by encryption and DOD PKI and that the manufacturer’s default keys are changed prior to attaching to the SAN Fabric for SANs processing sensitive information.
Develop a plan to implement encryption, DOD PKI and change the manufacturers default keys. Obtain CM approval for the plan and then execute the plan.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer