
V-283437

CAT II (Medium)

The HPE Alletra Storage ArcusOS device must be configured to protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.

Rule ID

SV-283437r1195005_rule

STIG

HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-004192

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems.

Network devices can provide a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component (e.g., email and web services); however, doing so increases risk over limiting the services provided by any one component.

To support the requirements and principles of least functionality, the network device must support the organizational requirements by providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved. Some network devices have capabilities enabled by default; if these capabilities are not necessary, they must be disabled. If a particular capability is used, then it must be documented and approved.

Configuring the network device to implement organizationwide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DOD that reflects the most restrictive security posture consistent with operational requirements.

Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the network device. Security-related parameters are those parameters impacting the security state of the network device, including the parameters required to satisfy other security control requirements.

Nonlocal maintenance and diagnostic activities are conducted by individuals who communicate through either an external or internal network. Communications paths can be logically separated using encryption.

Check Content

Using the nmap tool, verify only secure ports are open. 

From a command shell on a Linux workstation in the operational environment, enter the following command:

$ sudo nmap -sT -sU -sV --version-all -vv -p 1-65535 <ip address of storage system> 

If any port is listed other than SSHD (22), NTP (123), SNMP (161, 162), 3par-mgmt-ssl (5783), CIM (5989/configurable), or WSAPI (8088/configurable), this is a finding.
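The comparison in this check can be automated as follows. This is an added example, not part of the STIG or of HPE's tooling; it assumes the nmap command above was run with nmap's `-oX <file>` option added so the results are available as XML. The names `audit_ports`, `FIXED_ALLOWED` and `SAMPLE_XML` are hypothetical, and reporting `open|filtered` UDP results for manual review rather than as findings is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Ports the check text permits; CIM and WSAPI are configurable on the array,
# so they are passed in as parameters instead of being fixed here.
FIXED_ALLOWED = {22: "SSHD", 123: "NTP", 161: "SNMP", 162: "SNMP", 5783: "3par-mgmt-ssl"}

# Constructed sample of nmap XML output (-oX); not captured from a real system.
SAMPLE_XML = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
   <port protocol="tcp" portid="5783"><state state="open"/><service name="3par-mgmt-ssl"/></port>
   <port protocol="tcp" portid="8443"><state state="closed"/><service name="https-alt"/></port>
   <port protocol="udp" portid="123"><state state="open"/><service name="ntp"/></port>
   <port protocol="udp" portid="69"><state state="open|filtered"/><service name="tftp"/></port>
   <port protocol="tcp" portid="9089"><state state="open"/><service name="unknown"/></port>
  </ports>
 </host>
</nmaprun>"""


def audit_ports(nmap_xml, cim_port=5989, wsapi_port=8088):
    """Return (findings, review): lists of (port, protocol, service) tuples."""
    allowed = set(FIXED_ALLOWED) | {cim_port, wsapi_port}
    findings, review = [], []
    for port in ET.fromstring(nmap_xml).iter("port"):
        state = port.find("state")
        number = int(port.get("portid"))
        if state is None or number in allowed:
            continue
        svc = port.find("service")
        entry = (number, port.get("protocol"), svc.get("name") if svc is not None else "")
        if state.get("state") == "open":
            findings.append(entry)   # confirmed listener outside the permitted list
        elif state.get("state") == "open|filtered":
            review.append(entry)     # UDP probe got no reply: confirm by hand
    return findings, review


if __name__ == "__main__":
    findings, review = audit_ports(SAMPLE_XML)
    for number, proto, name in findings:
        print(f"FINDING: {number}/{proto} ({name}) is open and not on the permitted list")
    for number, proto, name in review:
        print(f"REVIEW:  {number}/{proto} ({name}) is open|filtered")
```

If CIM or WSAPI has been moved from its default port, pass the configured values as `cim_port` and `wsapi_port` so the approved listener is not reported.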

Fix Text

Disable all unencrypted ports:

cli% setnet disableports yes