STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide

V-283377

CAT I (High)

The HPE Alletra Storage ArcusOS device must be configured to prohibit using all unnecessary and/or nonsecure ports, protocols, and/or services.

Rule ID

SV-283377r1194825_rule

STIG

HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000382

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems. Network devices can provide a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component (e.g., email and web services); however, doing so increases risk over limiting the services provided by any one component. To support the requirements and principles of least functionality, the network device must support the organizational requirements providing only essential capabilities and limiting using ports, protocols, and/or services to only those required, authorized, and approved. Some network devices have capabilities enabled by default; if these capabilities are not necessary, they must be disabled. If a particular capability is used, then it must be documented and approved. Configuring the network device to implement organizationwide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DOD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the network device. Security-related parameters are those parameters impacting the security state of the network device, including the parameters required to satisfy other security control requirements. Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Communications paths can be logically separated using encryption.

Check Content

Issue the following commands to check various services:

cli%  setnet disableports yes

cli% stoprda
RDA service is already disabled.

Note: There is no command to show the status of the disabled ports or the RDA service.

cli% showrcopy -d

Remote Copy System Information
Status: Stopped, Normal

cli% showvasa

-Service-   -------------------VASA_API2_URL-------------------                                -MemUsage(MiB)- -Version-
Enabled    https://HPE_Alletra_Storage_MP-4UW0002474:9997/vasa             147                               5.2.0.18

cli% showcim

-Service- -State- --SLP-- SLPPort -HTTPS- HTTPSPort PGVer  CIMVer
Enabled   Active  Enabled     427 Enabled      5989 2.14.1 10.5.0

cli% showwsapi -d

service State Enabled

If any unnecessary and/or nonsecure ports, protocols, and/or services are enabled, this is a finding.

Fix Text

Disable all unnecessary and/or nonsecure ports, protocols, and/or services.

Disable unsecure ports:
cli%  setnet disableports yes

Stop the RDA Service:
cli% stoprda

Stop the Remote Copy Service:
%cli stoprcopy"

Stop the VASA Service:
cli% stopvasa -f

Stop the CIM Service:
cli% stopcim -f

Stop the Web Services API:
cli% stopwsapi -f