| Checked | Name | Title |
|---|
| ☐ | SV-80453r1_rule | The HP FlexFabric Switch must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. |
| ☐ | SV-80631r1_rule | The HP FlexFabric Switch must automatically disable accounts after a 35-day period of account inactivity. |
| ☐ | SV-80633r1_rule | The HP FlexFabric Switch must automatically audit account creation. |
| ☐ | SV-80635r1_rule | The HP FlexFabric Switch must automatically audit account modification. |
| ☐ | SV-80637r1_rule | The HP FlexFabric Switch must automatically audit account disabling actions. |
| ☐ | SV-80639r1_rule | The HP FlexFabric Switch must automatically audit account removal actions. |
| ☐ | SV-80641r1_rule | The HP FlexFabric Switch must enforce the assigned privilege level for each administrator and authorizations for access to all commands relative to the privilege level in accordance with applicable policy for the device. |
| ☐ | SV-80643r1_rule | The HP FlexFabric Switch must enforce approved authorizations for controlling the flow of management information within the HP FlexFabric Switch based on information flow control policies. |
| ☐ | SV-80645r1_rule | The HP FlexFabric Switch must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. |
| ☐ | SV-80647r1_rule | The HP FlexFabric Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. |
| ☐ | SV-80649r1_rule | The HP FlexFabric Switch must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. |
| ☐ | SV-80651r1_rule | Upon successful logon, the HP FlexFabric Switch must notify the administrator of the date and time of the last logon. |
| ☐ | SV-80653r1_rule | Upon successful logon, the HP FlexFabric Switch must notify the administrator of the number of unsuccessful logon attempts since the last successful logon. |
| ☐ | SV-80655r1_rule | The HP FlexFabric Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. |
| ☐ | SV-80657r1_rule | The HP FlexFabric Switch must provide audit record generation capability for DoD-defined auditable events within the HP FlexFabric Switch. |
| ☐ | SV-80661r1_rule | The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to access privileges occur. |
| ☐ | SV-80663r1_rule | The HP FlexFabric Switch must initiate session auditing upon startup. |
| ☐ | SV-80665r1_rule | The HP FlexFabric Switch must produce audit log records containing sufficient information to establish what type of event occurred. |
| ☐ | SV-80667r1_rule | The HP FlexFabric Switch must produce audit records containing information to establish when (date and time) the events occurred. |
| ☐ | SV-80669r1_rule | The HP FlexFabric Switch must produce audit records containing information to establish where the events occurred. |
| ☐ | SV-80671r1_rule | The HP FlexFabric Switch must produce audit log records containing information to establish the source of events. |
| ☐ | SV-80673r1_rule | The HP FlexFabric Switch must produce audit records that contain information to establish the outcome of the event. |
| ☐ | SV-80675r1_rule | The HP FlexFabric Switch must generate audit records containing information that establishes the identity of any individual or process associated with the event. |
| ☐ | SV-80677r1_rule | The HP FlexFabric Switch must generate audit records containing the full-text recording of privileged commands. |
| ☐ | SV-80679r1_rule | The HP FlexFabric Switch must use internal system clocks to generate time stamps for audit records. |
| ☐ | SV-80681r1_rule | The HP FlexFabric Switch must protect audit information from any type of unauthorized read access. |
| ☐ | SV-80683r1_rule | The HP FlexFabric Switch must protect audit information from unauthorized modification. |
| ☐ | SV-80685r1_rule | The HP FlexFabric Switch must protect audit information from unauthorized deletion. |
| ☐ | SV-80689r1_rule | The HP FlexFabric Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. |
| ☐ | SV-80691r1_rule | The HP FlexFabric Switch must disable identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. |
| ☐ | SV-80693r1_rule | The HP FlexFabric Switch must enforce a minimum 15-character password length. |
| ☐ | SV-80695r1_rule | The HP FlexFabric Switch must prohibit password reuse for a minimum of five generations. |
| ☐ | SV-80697r1_rule | If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one upper-case character be used. |
| ☐ | SV-80699r1_rule | If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one lower-case character be used. |
| ☐ | SV-80701r1_rule | If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one numeric character be used. |
| ☐ | SV-80703r1_rule | If multifactor authentication is not supported and passwords must be used, the HP FlexFabric Switch must enforce password complexity by requiring that at least one special character be used. |
| ☐ | SV-80705r1_rule | The HP FlexFabric Switch must enforce 24 hours/1 day as the minimum password lifetime. |
| ☐ | SV-80707r1_rule | The HP FlexFabric Switch must enforce a 60-day maximum password lifetime restriction. |
| ☐ | SV-80709r1_rule | The HP FlexFabric Switch, when utilizing PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. |
| ☐ | SV-80711r1_rule | The HP FlexFabric Switch must map the authenticated identity to the user account for PKI-based authentication. |
| ☐ | SV-80713r1_rule | The HP FlexFabric Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. |
| ☐ | SV-80715r1_rule | Network devices must provide a logoff capability for administrator-initiated communication sessions. |
| ☐ | SV-80717r1_rule | The HP FlexFabric Switch must automatically audit account enabling actions. |
| ☐ | SV-80719r1_rule | The HP FlexFabric Switch must generate an immediate alert for account enabling actions. |
| ☐ | SV-80721r1_rule | If the HP FlexFabric Switch uses discretionary access control, the HP FlexFabric Switch must enforce organization-defined discretionary access control policies over defined subjects and objects. |
| ☐ | SV-80723r1_rule | If the HP FlexFabric Switch uses role-based access control, the HP FlexFabric Switch must enforce organization-defined role-based access control policies over defined subjects and objects. |
| ☐ | SV-80725r1_rule | The HP FlexFabric Switch must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. |
| ☐ | SV-80727r1_rule | The HP FlexFabric Switch must notify the administrator, upon successful logon (access), of the location of last logon (terminal or IP address) in addition to the date and time of the last logon (access). |
| ☐ | SV-80731r2_rule | The HP FlexFabric Switch must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. |
| ☐ | SV-80733r1_rule | The HP FlexFabric Switch must generate an immediate alert when allocated audit record storage volume reaches 75% of repository maximum audit record storage capacity. |
| ☐ | SV-80735r1_rule | The HP FlexFabric Switch must generate an immediate real-time alert of all audit failure events requiring real-time alerts. |
| ☐ | SV-80737r1_rule | The HP FlexFabric Switch must compare internal information system clocks at least every 24 hours with an authoritative time server. |
| ☐ | SV-80739r1_rule | The HP FlexFabric Switch must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period. |
| ☐ | SV-80741r1_rule | The HP FlexFabric Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources. |
| ☐ | SV-80743r1_rule | The HP FlexFabric Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |
| ☐ | SV-80745r1_rule | The HP FlexFabric Switch must record time stamps for audit records that meet a granularity of one second for a minimum degree of precision. |
| ☐ | SV-80747r1_rule | The HP FlexFabric Switch must allow the use of a temporary password for system logons with an immediate change to a permanent password. |
| ☐ | SV-80749r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-80751r1_rule | Applications used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications. |
| ☐ | SV-80753r1_rule | The HP FlexFabric Switch must protect against or limit the effects of all known types of Denial of Service (DoS) attacks on the HP FlexFabric Switch management network by employing organization-defined security safeguards. |
| ☐ | SV-80755r1_rule | If the HP FlexFabric Switch uses mandatory access control, the HP FlexFabric Switch must enforce organization-defined mandatory access control policies over all subjects and objects. |
| ☐ | SV-80757r1_rule | The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. |
| ☐ | SV-80759r1_rule | The HP FlexFabric Switch must generate audit records when successful/unsuccessful attempts to delete administrator privileges occur. |
| ☐ | SV-80761r1_rule | The HP FlexFabric Switch must generate audit records when successful/unsuccessful logon attempts occur. |
| ☐ | SV-80763r1_rule | The HP FlexFabric Switch must generate audit records for privileged activities or other system-level access. |
| ☐ | SV-80765r1_rule | The HP FlexFabric Switch must generate audit records showing starting and ending time for administrator access to the system. |
| ☐ | SV-80767r1_rule | The HP FlexFabric Switch must generate audit records when concurrent logons from different workstations occur. |
| ☐ | SV-80769r1_rule | The HP FlexFabric Switch must generate audit records for all account creations, modifications, disabling, and termination events. |
| ☐ | SV-80771r1_rule | The HP FlexFabric Switch must off-load audit records onto a different system or media than the system being audited. |
| ☐ | SV-80773r1_rule | The HP FlexFabric Switch must notify the administrator of the number of successful logon attempts occurring during an organization-defined time period. |
| ☐ | SV-80775r1_rule | The HP FlexFabric Switch must generate audit log events for a locally developed list of auditable events. |
| ☐ | SV-80777r1_rule | The HP FlexFabric Switch must enforce access restrictions associated with changes to the system components. |
| ☐ | SV-80779r1_rule | The HP FlexFabric Switch must support organizational requirements to conduct backups of system level information contained in the information system when changes occur or weekly, whichever is sooner. |
| ☐ | SV-80781r1_rule | The HP FlexFabric Switch must employ automated mechanisms to assist in the tracking of security incidents. |
| ☐ | SV-80783r1_rule | The HP FlexFabric Switch must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |
| ☐ | SV-80785r1_rule | The HP FlexFabric Switch must have a local account that will only be used as an account of last resort with full access to the network device. |
| ☐ | SV-80787r1_rule | The HP FlexFabric switch must be configured to utilize an authentication server for the purpose of authenticating privilege users, managing accounts, and to centrally verify authentication settings and Personal Identity Verification (PIV) credentials. |
| ☐ | SV-80789r1_rule | The HP FlexFabric switch must be configured to send log data to a syslog server for the purpose of forwarding alerts to the administrators and the ISSO. |
| ☐ | SV-80791r1_rule | The HP FlexFabric switch must be configured to send SNMP traps and notifications to the SNMP manager for the purpose of sending alarms and notifying appropriate personnel as required by specific events. |
STIGQter: STIG Summary: