The Standard Mandatory DoD Notice and Consent Banner must be displayed until users acknowledge the usage conditions and take explicit actions to log on for further access.
DISA Rule
SV-85133r1_rule
Vulnerability Number
V-70511
Group Title
SRG-OS-000023-GPOS-00006
Rule Version
HP3P-32-001600
Severity
CAT III
CCI(s)
- CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
- CCI-000050 - The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.
- CCI-001384 - The information system, for publicly accessible systems, displays system use information organization-defined conditions before granting further access.
- CCI-001385 - The information system, for publicly accessible systems, displays references, if any, to monitoring that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001386 - The information system, for publicly accessible systems, displays references, if any, to recording that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001387 - The information system, for publicly accessible systems, displays references, if any, to auditing that are consistent with privacy accommodations for such systems that generally prohibit those activities.
- CCI-001388 - The information system, for publicly accessible systems, includes a description of the authorized uses of the system.
Weight
10
Fix Recommendation
To configure the SSH login banner, enter the command:
cli% setsshbanner
Enter the following text:
I've read & consent to terms in IS user agreem't
Then press enter twice to conclude setting the SSH banner text.
Check Contents
Verify that the SSH login banner is properly configured.
Enter the following command:
cli% showsshbanner
I've read & consent to terms in IS user agreem't
If the output is not:
"I've read & consent to terms in IS user agreem't"
this is a finding.
Alternatively:
To inspect the banner, log in via SSH from a remote host.
If the output shown above is not displayed during SSH authentication, this is a finding.
Documentable
False
Check Content Reference
M
Target Key
3013