SV-80643r1_rule
V-66153
SRG-APP-000038-NDM-000213
HFFS-ND-000014
CAT II
10
Configure the HP FlexFabric Switch for controlling the flow of management information within the HP FlexFabric Switch based on information flow control policies. Below is an example for an ACL configuration:
[HP] acl number 3000
[HP-acl-adv-3000] description ACL to block traffic with invalid address
[HP-acl-adv-3000] rule 0 permit icmp source 10.0.0.0 0.255.255.255
[HP-acl-adv-3000] rule 1 deny ip source 172.16.0.0 0.15.255.255
[HP-acl-adv-3000] rule 2 deny ip source 192.168.0.0 0.0.255.255
[HP-acl-adv-3000] rule 3 deny ip source 169.254.0.0 0.0.255.255
[HP-acl-adv-3000] rule 6 deny ip source 127.0.0.0 0.255.255.255
[HP] interface Vlan-interface 192
[HP-Vlan-interface192] packet-filter 3000 inbound
Review the HP FlexFabric Switch configuration to determine if ACLs were configured for controlling the flow of management information within the HP FlexFabric Switch based on information flow control policies:
[HP] display current-configuration
acl number 3000
description ACL to block traffic with invalid address
rule 0 permit icmp source 10.0.0.0 0.255.255.255
rule 1 deny ip source 172.16.0.0 0.15.255.255
rule 2 deny ip source 192.168.0.0 0.0.255.255
rule 3 deny ip source 169.254.0.0 0.0.255.255
rule 6 deny ip source 127.0.0.0 0.255.255.255
If ACLs are not configured for controlling the flow of management information within the HP FlexFabric Switch based on information flow control policies, this is a finding.
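An added example, not part of the STIG text or of HP's tooling: a small Python audit of saved `display current-configuration` output that lists each ACL's source rules as CIDR networks and checks that the ACL is bound to an interface with `packet-filter`, as in the fix text. The sample configuration is constructed, only the source-only rule form shown above is parsed, and flagging an ACL that is defined but never applied is an assumption of this example that goes beyond the written check.

```python
import ipaddress
import re

# Constructed sample in the style of `display current-configuration` output.
SAMPLE = """\
acl number 3000
 description ACL to block traffic with invalid address
 rule 0 permit icmp source 10.0.0.0 0.255.255.255
 rule 1 deny ip source 172.16.0.0 0.15.255.255
 rule 6 deny ip source 127.0.0.0 0.255.255.255
#
acl number 3001
 rule 0 deny ip source 192.0.2.0 0.0.0.255
#
interface Vlan-interface192
 packet-filter 3000 inbound
#
"""

RULE = re.compile(r"rule (\d+) (permit|deny) (\S+) source (\S+) (\S+)")
BIND = re.compile(r"packet-filter (\d+) (inbound|outbound)")

def parse_acls(config):
    """Map ACL number -> {"rules": [...], "bound": [(interface, direction)]}."""
    acls, kind, name = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"acl number (\d+)", line):
            kind, name = "acl", m.group(1)
            acls.setdefault(name, {"rules": [], "bound": []})
        elif m := re.fullmatch(r"interface (.+)", line):
            kind, name = "if", m.group(1)
        elif line == "#":
            kind = None
        elif kind == "acl" and (m := RULE.fullmatch(line)):
            num, action, proto, addr, wildcard = m.groups()
            # ipaddress accepts a contiguous wildcard (host) mask after the slash
            net = ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)
            acls[name]["rules"].append((int(num), action, proto, str(net)))
        elif kind == "if" and (m := BIND.fullmatch(line)):
            entry = acls.setdefault(m.group(1), {"rules": [], "bound": []})
            entry["bound"].append((name, m.group(2)))
    return acls

def unapplied(config):
    """ACL numbers that have no rules or are not bound by packet-filter."""
    return sorted(n for n, a in parse_acls(config).items()
                  if not a["rules"] or not a["bound"])

def is_finding(config):
    """True when no ACL with rules is applied to any interface."""
    return not any(a["rules"] and a["bound"] for a in parse_acls(config).values())
```

Run `unapplied()` and `is_finding()` against the text saved from the switch; an ACL number returned by `unapplied()` is defined but filters nothing.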
V-66153
False
HFFS-ND-000014
M
2971