STIGQter STIGQter: STIG Summary: HP FlexFabric Switch NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.

DISA Rule

SV-80453r1_rule

Vulnerability Number

V-65963

Group Title

SRG-APP-000001-NDM-000200

Rule Version

HFFS-ND-000001

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the HP FlexFabric Switch to limit the number of concurrent sessions to an organization-defined number for all administrator accounts and administrator account types as shown in the following example:

[HP] local-user admin
[HP-luser-manage-admin] access-limit 3

Check Contents

Review the HP FlexFabric Switch configuration to see if it limits the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types:

[HP] display local-user

Device management user test:
State: Active
Service type: None
Access limit: Enabled Max access number: 3
Current access number: 0
User group: system
Bind attributes:
Authorization attributes:
Work directory: cfa0:
User role list: network-admin

If "Max access number:" line is not present, this is a finding.

Vulnerability Number

V-65963

Documentable

False

Rule Version

HFFS-ND-000001

Severity Override Guidance

Review the HP FlexFabric Switch configuration to see if it limits the number of concurrent sessions to an organization-defined number for all administrator accounts and/or administrator account types:

[HP] display local-user

Device management user test:
State: Active
Service type: None
Access limit: Enabled Max access number: 3
Current access number: 0
User group: system
Bind attributes:
Authorization attributes:
Work directory: cfa0:
User role list: network-admin

If "Max access number:" line is not present, this is a finding.

Check Content Reference

M

Target Key

2971

Comments