FAS and V-Series Storage Systems Discussions

PKI or Two-factor Authentication between management console and fabric


We have NetApp FAS 3220 storage controllers on a DoD network.  We are required to apply DISA STIG settings from Storage Area Network STIG :: Release: 2 Benchmark Date: 25 Oct 2013.  If you don't know what this is, this is basically the DoD required security settings for specific hardware/software.  The specific item we are looking for a solution to is V-6637 from the SAN STIG that states: Communications from the management console to the SAN fabric are not protected strong two-factor authentication. Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.


Our technical team tells me that there is no capability to implement this requirement on NetApp or any other SAN for that matter.  Can anyone confirm that this is the case or suggest a solution?


Thank you.





and tr3649 tr3834... not too sure about cmode


hopefully helps


NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner