STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

HPE Nimble Storage Array NDM Security Technical Implementation Guide

Version

V2R1

Release Date

Jun 20, 2024

SCAP Benchmark ID

HPE_Nimble_Storage_Array_NDM_STIG

Total Checks

20

Tags

other
CAT I: 4CAT II: 16CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (20)

V-252186MEDIUMThe HPE Nimble must initiate a session lock after a 15-minute period of inactivity.V-252187MEDIUMThe HPE Nimble must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-252188MEDIUMThe HPE Nimble must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.V-252190MEDIUMThe HPE Nimble must enforce a minimum 15-character password length.V-252191MEDIUMThe HPE Nimble must enforce password complexity by requiring that at least one uppercase character be used.V-252192MEDIUMThe HPE Nimble must enforce password complexity by requiring that at least one lowercase character be used.V-252193MEDIUMThe HPE Nimble must enforce password complexity by requiring that at least one numeric character be used.V-252194MEDIUMThe HPE Nimble must enforce password complexity by requiring that at least one special character be used.V-252195MEDIUMThe HPE Nimble must require that when a password is changed, the characters are changed in at least eight of the positions within the password.V-252196HIGHThe HPE Nimble must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity.V-252197HIGHThe HPE Nimble must be configured to use an authentication server for the purpose of authenticating users prior to granting administrative access.V-252198MEDIUMThe HPE Nimble must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-252199HIGHThe HPE Nimble must forward critical alerts (at a minimum) to the system administrators and the ISSO.V-252200HIGHThe HPE Nimble must be running an operating system release that is currently supported by the vendor.V-252201MEDIUMThe HPE Nimble must limit the number of concurrent sessions to an organization-defined number for each administrator account.V-252202MEDIUMThe HPE Nimble must be configured to synchronize internal information system clocks using an authoritative time source.V-252203MEDIUMThe HPE Nimble must configure a syslog server onto a different system or media than the system being audited.V-252902MEDIUMHPE Nimble must be configured to disable HPE InfoSight.V-259800MEDIUMHPE Nimble must not be configured to use "HPE Greenlake: Data Services Cloud Console".V-259801MEDIUMHPE Alletra 5000/6000 must be configured to disable management by "HPE Greenlake: Data Services Cloud Console".