If you missed the pre-registration for NetApp MS Azure AD B2C, the new login prompt will offer the option to register. Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

ONTAP Discussions

NetApp secure configuration - Tenable? DISA? Bueller?

colsen

Hello,

 

This is sort of an open-ended question - more seeing what folks out there are doing in this particular space than necessarily looking for the "right" answer.  Anyway, we've dabbled with various approaches to standardizing our Data ONTAP builds and security lock-down procedures.  Several years ago, we worked with our Nessus scanning team to integrate the Tenable compliance template for NetApp into their scanners (for our 7mode systems):

 

https://www.tenable.com/blog/nessus-now-secures-netapp-data-ontap

 

This wasn't a perfect check, but it was a nice view to show to auditors and it gave us a warm fuzzy that we weren't leaving anything obvious hanging in the breeze.  We'd also leverage the OpsMgr configuration comparison tool to see if a new 7mode system that we rolled out was substantively different (security-wise) than our already built "gold" systems.  

 

Fast forward to ONTAP and a lot of those tools are gone.  NetApp and Tenable haven't collaborated on an ONTAP 9.x compliance template and the configuration comparison tools have sort of lagged behind the times as well.  We’ve mostly relied up on the TRs and such associated with best practices and built audit files for our provisioning procedures.  These work fine at build, but we don’t have our NetApp equipment locked down behind a CM tool (like TripWire) that would “flag” any updated variations to that configuration in compliance with our build standard.

 

Anyway, what else have folks done in this area?  Any great ideas out there for automating cluster provisioning and SVM builds in a secure manner?  Automated checks for security compliance? 

 

Thanks in advance!

 

Chris

0 REPLIES 0
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public