STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Storage Area Network Security Technical Implementation Guide

V-6634

CAT III (Low)

The fabric switches must use DoD-approved PKI rather than proprietary or self-signed device certificates.

Rule ID

SV-6768r2_rule

STIG

Storage Area Network Security Technical Implementation Guide

Version

V2R5

CCIs

None

Discussion

DOD PKI supplies better protection from malicious attacks than userid/password authentication and should be used anytime it is feasible.

Check Content

The reviewer will, with the assistance of the IAO/NSO, verify fabric switches are protected by DOD PKI. 

View the installed device certificates.

Verify a DoD -approved certificate is loaded. 

If any of the certificates have the name or identifier of a non-DoD- approved source in the Issuer field, this is a finding.

Fix Text

Generate a new key-pair from a DoD-approved certificate issuer. Sites must consult the PKI/PKI pages on the http://iase.disa.mil/ website for procedures for NIPRNet and SIPRNet.