STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Storage Area Network Security Technical Implementation Guide

V-6637

CAT III (Low)

Communications from the management console to the SAN fabric are not protected strong two-factor authentication.

Rule ID

SV-6778r1_rule

STIG

Storage Area Network Security Technical Implementation Guide

Version

V2R5

CCIs

None

Discussion

Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.

Check Content

The reviewer will, with the assistance of the IAO/NSO, verify that communications from the management console to the SAN fabric are protected using DOD PKI.  If another method of two-factor authentication is used, then inspect approval documentation. 

If two-factor authentication is not used, this is a finding.

If two-factor authentication method is not DoD PKI and no approval documentation exists, this is a finding.

Fix Text

Develop a plan to migrate to the use of DoD PKI authentication between the SAN management console and the SAN fabric.  Obtain CM approval of the plan and implement the plan.