STIGQter: STIG Summary: HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 28 Jul 2017:

The CIM service must be disabled, unless needed.

DISA Rule

SV-85107r3_rule

Vulnerability Number

V-70485

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

HP3P-32-001002

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Disable the non-essential CIM feature and remove the associated account with the following commands:

cli% stopcim -f
CIM server stopped successfully.

cli% removeuser 3parcimuser

Confirm the operation with "y".

Check Contents

Verify that CIM is not running with the following command:

cli% showcim

Review the requirements by the Information Owner to determine whether the site requires a CIM management client in order to meet mission objectives.

If the output does not report the CIM "Service" is "Disabled" and there is no documented requirement for this usage, this is a finding.

If the output does not report the CIM service "State" is "Inactive" and there is no documented requirement for this usage, this is a finding.

Vulnerability Number

V-70485

Documentable

False

Rule Version

HP3P-32-001002

Severity Override Guidance

Verify that CIM is not running with the following command:

cli% showcim

Review the requirements by the Information Owner to determine whether the site requires a CIM management client in order to meet mission objectives.

If the output does not report the CIM "Service" is "Disabled" and there is no documented requirement for this usage, this is a finding.

If the output does not report the CIM service "State" is "Inactive" and there is no documented requirement for this usage, this is a finding.

Check Content Reference

M

Target Key

3013

Comments