STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

STIGs updated 13 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

HPE 3PAR SSMC Web Server Security Technical Implementation Guide

Version

V2R1

Release Date

May 30, 2024

SCAP Benchmark ID

HPE_3PAR_SSMC_WS_STIG

Total Checks

19

Tags

web

CAT I: 3CAT II: 16CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (19)

V-255251HIGHThe SSMC web server must use cryptographic modules that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.V-255252MEDIUMSSMC web server must limit the number of allowed simultaneous session requests.V-255253HIGHSSMC web server must use encryption strength in accordance with the categorization of data hosted by the web server when remote connections are provided.V-255254HIGHSSMC web server must use cryptography to protect the integrity of remote sessions.V-255255MEDIUMSSMC web server must generate information to be used by external applications or entities to monitor and control remote access.V-255256MEDIUMSSMC web server must generate information to be used by external applications or entities to monitor and control remote access.V-255257MEDIUMSSMC web server must generate information to be used by external applications or entities to monitor and control remote access.V-255258MEDIUMThe SSMC web server must be configured to use a specified IP address and port.V-255259MEDIUMThe SSMC web server must perform RFC 5280-compliant certification path validation.V-255260MEDIUMSSMC web server must set an absolute timeout for sessions.V-255261MEDIUMSSMC web server must set an inactive timeout for sessions.V-255262MEDIUMSSMC web server must set an inactive timeout for shell sessions.V-255263MEDIUMSSMC web server must restrict connections from nonsecure zones.V-255264MEDIUMSSMC web server application, libraries, and configuration files must only be accessible to privileged users.V-255265MEDIUMSSMC web server must enable strict two-factor authentication for access to the webUI.V-255266MEDIUMSSMC web server must not impede the ability to write specified log record content to an audit log server.V-255267MEDIUMSSMC web server must generate, at a minimum, log records for system startup and shutdown, system access, and system authentication events.V-255268MEDIUMSSMC web server must initiate session logging upon start up.V-255269MEDIUMSSMC web server must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.