STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

NetApp ONTAP DSC 9.x Security Technical Implementation Guide

Version

V2R3

Release Date

Dec 8, 2025

SCAP Benchmark ID

NetApp_ONTAP_DSC_9-x_STIG

Total Checks

29

Tags

other
CAT I: 7CAT II: 22CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (29)

V-246922MEDIUMONTAP must be configured to limit the number of concurrent sessions.V-246923MEDIUMONTAP must be configured to create a session lock after 15 minutes.V-246925MEDIUMONTAP must automatically audit account-enabling actions.V-246926MEDIUMONTAP must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-246927HIGHONTAP must enforce administrator privileges based on their defined roles.V-246930HIGHONTAP must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.V-246931MEDIUMONTAP must be configured to enforce the limit of three consecutive failed logon attempts.V-246932MEDIUMONTAP must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.V-246933MEDIUMONTAP must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-246935MEDIUMONTAP must have audit guarantee enabled.V-246936MEDIUMONTAP must be configured to synchronize internal information system clocks using redundant authoritative time sources.V-246938MEDIUMONTAP must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).V-246939MEDIUMONTAP must enforce access restrictions associated with changes to the device configuration.V-246940HIGHONTAP must be configured to use an authentication server to provide multifactor authentication.V-246944MEDIUMONTAP must be configured to conduct backups of system level information.V-246945MEDIUMONTAP must use DoD-approved PKI rather than proprietary or self-signed device certificates.V-246946HIGHONTAP must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.V-246947MEDIUMONTAP must be configured to authenticate each administrator prior to authorizing privileges based on assignment of group or role.V-246948MEDIUMONTAP must implement replay-resistant authentication mechanisms for network access to privileges accounts.V-246949MEDIUMONTAP must be configured to authenticate SNMP messages using FIPS-validated Keyed-HMAC.V-246950MEDIUMONTAP must authenticate NTP sources using authentication that is cryptographically based.V-246951MEDIUMONTAP must enforce a minimum 15-character password length.V-246952MEDIUMONTAP must enforce password complexity by requiring that at least one uppercase character be used.V-246953MEDIUMONTAP must enforce password complexity by requiring that at least one lowercase character be used.V-246954MEDIUMONTAP must enforce password complexity by requiring that at least one numeric character be used.V-246955MEDIUMONTAP must enforce password complexity by requiring that at least one special character be used.V-246958HIGHONTAP must be configured to implement cryptographic mechanisms using FIPS 140-2.V-246959HIGHONTAP must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.V-246964HIGHONTAP must be configured to send audit log data to a central log server.