Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
PKI or Two-factor Authentication between management console and fabric
2016-10-26
08:17 AM
2,877 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have NetApp FAS 3220 storage controllers on a DoD network. We are required to apply DISA STIG settings from Storage Area Network STIG :: Release: 2 Benchmark Date: 25 Oct 2013. If you don't know what this is, this is basically the DoD required security settings for specific hardware/software. The specific item we are looking for a solution to is V-6637 from the SAN STIG that states: Communications from the management console to the SAN fabric are not protected strong two-factor authentication. Using two-factor authentication between the SAN management console and the fabric enhances the security of the communications carrying privileged functions. It is harder for an unauthorized management console to take control of the SAN. The preferred solution for two-factor authentication is DoD PKI implemented on the CAC or Alternative (Alt) token.
Our technical team tells me that there is no capability to implement this requirement on NetApp or any other SAN for that matter. Can anyone confirm that this is the case or suggest a solution?
Thank you.
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
check
https://fieldportal.netapp.com/collections/212894?ia=true
and tr3649 tr3834... not too sure about cmode
hopefully helps
Jeff