STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

HP FlexFabric Switch L2S Security Technical Implementation Guide

Version

V1R3

Release Date

Jun 3, 2020

SCAP Benchmark ID

HP_FlexFabric_Switch_L2S_STIG

Total Checks

22

Tags

network
CAT I: 1CAT II: 21CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (22)

V-65961MEDIUMThe HP FlexFabric Switch must be configured to disable non-essential capabilities.V-66051HIGHHP FlexFabric Switch must authenticate all network-connected endpoint devices before establishing any connection.V-66057MEDIUMThe HP FlexFabric Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.V-66059MEDIUMThe HP FlexFabric Switch must provide the capability for authorized users to select a user session to capture.V-66061MEDIUMThe HP FlexFabric Switch must provide the capability for authorized users to remotely view, in real time, all content related to an established user session from a component separate from the HP FlexFabric Switch.V-66063MEDIUMThe HP FlexFabric Switch must have Root Guard enabled on all ports where the root bridge should not appear.V-66065MEDIUMThe HP FlexFabric Switch must have BPDU Guard enabled on all user-facing access ports.V-66067MEDIUMThe HP FlexFabric Switch must have STP Loop Protection enabled all non-designated STP switch ports.V-66069MEDIUMThe HP FlexFabric Switch must have unknown storm-constrain enabled.V-66071MEDIUMThe HP FlexFabric Switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources as well as rate-limit DHCP traffic.V-66073MEDIUMThe HP FlexFabric Switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.V-66075MEDIUMThe HP FlexFabric Switch must have Dynamic ARP Inspection (DAI) enabled on all user VLANs.V-66077MEDIUMThe HP FlexFabric Switch must implement Rapid STP where VLANs span multiple switches with redundant links.V-66079MEDIUMThe HP FlexFabric Switch must enable Device Link Detection Protocol (DLDP) to protect against one-way connections.V-66081MEDIUMThe HP FlexFabric Switch must have all trunk links enabled statically.V-66085MEDIUMThe HP FlexFabric Switch must have all disabled switch ports assigned an unused VLAN.V-66087MEDIUMThe HP FlexFabric Switch must not have the default VLAN assigned to any host-facing switch ports.V-66089MEDIUMThe HP FlexFabric Switch must have the default VLAN pruned from all trunk ports that do not require it.V-66091MEDIUMThe HP FlexFabric Switch must not use the default VLAN for management traffic.V-66093MEDIUMThe HP FlexFabric Switch must have all user-facing or untrusted ports configured as access switch ports.V-66095MEDIUMThe HP FlexFabric Switch must have the native VLAN assigned to a VLAN ID other than the default VLAN ID for all 802.1q trunk links.V-66097MEDIUMThe HP FlexFabric Switch must not have any access switch ports assigned to the native VLAN.