STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

HPE Alletra Storage ArcusOS Network Device Management Security Technical Implementation Guide

Version

V1R1

Release Date

Mar 3, 2026

SCAP Benchmark ID

HPE_Alletra_Storage_ArcusOS_NDM_STIG

Total Checks

19

Tags

network
CAT I: 6CAT II: 13CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (19)

V-283358MEDIUMThe HPE Alletra Storage ArcusOS device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.V-283377HIGHThe HPE Alletra Storage ArcusOS device must be configured to prohibit using all unnecessary and/or nonsecure ports, protocols, and/or services.V-283378MEDIUMThe HPE Alletra Storage ArcusOS device must be configured with only one local interactive account to be used as the account of last resort in the event the authentication server is unavailable.V-283381MEDIUMThe HPE Alletra Storage ArcusOS device must enforce a minimum 15-character password length.V-283382MEDIUMThe HPE Alletra Storage ArcusOS device must enforce password complexity by requiring at least one uppercase character, one lowercase character, one numeric character, and one special character be used.V-283387HIGHThe HPE Alletra Storage ArcusOS device must use FIPS 140-approved algorithms for authentication to a cryptographic module.V-283388HIGHThe HPE Alletra Storage ArcusOS device must terminate all network connections at the end of the session, or the session must be terminated after five minutes of inactivity, except to fulfill documented and validated mission requirements.V-283400MEDIUMThe HPE Alletra Storage ArcusOS device must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.V-283401MEDIUMThe HPE Alletra Storage ArcusOS device must allocate a set number of audit records that can be stored on the system in accordance with organization-defined audit record storage requirements.V-283402MEDIUMThe HPE Alletra Storage ArcusOS device must have an SNMPv3 user account configured.V-283403MEDIUMThe HPE Alletra Storage ArcusOS device must be configured to collect and send SNMPv3 notifications.V-283404MEDIUMThe HPE Alletra Storage ArcusOS device must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).V-283409MEDIUMThe HPE Alletra Storage ArcusOS device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).V-283410MEDIUMThe HPE Alletra Storage ArcusOS device must authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.V-283414MEDIUMThe HPE Alletra Storage ArcusOS device must install security-relevant firmware updates within 30 days unless the time period is directed by an authoritative source (e.g., IAVM, CTOs, DTMs, STIGs).V-283425HIGHThe HPE Alletra Storage ArcusOS device must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.V-283429HIGHThe HPE Alletra Storage ArcusOS device must be configured to send log data to at least one central log server for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). For boundary devices, two log servers are required.V-283430HIGHThe HPE Alletra Storage ArcusOS device must be running an operating system release that is currently supported by the vendor.V-283437MEDIUMThe HPE Alletra Storage ArcusOS device must be configured to protect nonlocal maintenance sessions by separating the maintenance session from other network sessions with the system by logically separated communications paths.