NetApp Security Hardening Guide for ONTAP 9 v1.7.0

Audit Details

Name: NetApp Security Hardening Guide for ONTAP 9 v1.7.0

Updated: 12/14/2023

Authority: NetApp

Plugin: Netapp_API

Revision: 1.7

Estimated Item Count: 59

File Details

Filename: NetApp_ONTAP_9_Hardening_Guide_v1.7.0.audit

Size: 119 kB

MD5: f2f3994337c3afa27f93c49dd5b9c683
SHA256: e7cdd29db031ba4fce684c8a884be8f2b347ffd067998fd3dde29a1c4e32b5a0

Audit Items

DescriptionCategories
3.1 - Roles, Applications, and Authentication - Review authentication methods
3.1 - Roles, Applications, and Authentication - Review custom roles

ACCESS CONTROL

3.1 - Roles, Applications, and Authentication - RSH is disabled

CONFIGURATION MANAGEMENT

3.1 - Roles, Applications, and Authentication - Telnet is disabled

CONFIGURATION MANAGEMENT

3.1 - Roles, Applications, and Authentication - Use of secure applications
3.2 - Default Accounts - Admin user has been renamed - create new admin

ACCESS CONTROL

3.2 - Default Accounts - Admin user has been renamed - default admin disabled or deleted
3.2 - Default Accounts - Review default accounts

ACCESS CONTROL

3.3 - Certificate-Based API Access
3.4 - Login and Password Parameters - Account expiration time
3.4 - Login and Password Parameters - Account inactivity time
3.4 - Login and Password Parameters - Account Maximum Failed Attempts <= 5
3.4 - Login and Password Parameters - Delay after failed login <= 4 seconds
3.4 - Login and Password Parameters - Delay between password changes <= 1
3.4 - Login and Password Parameters - Hash Algorithm SHA512
3.4 - Login and Password Parameters - Lockout Duration <= 1 Day
3.4 - Login and Password Parameters - Password Alphanumeric = true
3.4 - Login and Password Parameters - Password Expiration Time <=90 days

IDENTIFICATION AND AUTHENTICATION

3.4 - Login and Password Parameters - Password expiration warning

IDENTIFICATION AND AUTHENTICATION

3.4 - Login and Password Parameters - Password minimum digits <= 1
3.4 - Login and Password Parameters - Password Minimum Length >= 8
3.4 - Login and Password Parameters - Password minimum lowercase <= 1
3.4 - Login and Password Parameters - Password Minimum Special Characters >= 1
3.4 - Login and Password Parameters - Password minimum uppercase <= 1
3.4 - Login and Password Parameters - Password Require Initial Update = true
3.4 - Login and Password Parameters - Passwords Disallow Reuse >= 6

IDENTIFICATION AND AUTHENTICATION

3.4 - Login and Password Parameters - Username Alphanumeric = false
3.4 - Login and Password Parameters - Username Minimum Lenth >= 3
4.1 - System Administration Methods - CLI Session Timeout
4.1 - System Administration Methods - Login Banner

ACCESS CONTROL

4.1 - System Administration Methods - Message of the Day

ACCESS CONTROL

5.1 - Storage Administrative System Auditing - Log Forwarding enabled

AUDIT AND ACCOUNTABILITY

5.1 - Storage Administrative System Auditing - Log Forwarding protocol tcp-encrypted

AUDIT AND ACCOUNTABILITY

5.2 - Storage Administrative System Auditing - Event Notifications

AUDIT AND ACCOUNTABILITY

6 - Storage Encryption
7 - Data Replication Encryption
8 - Managing TLS and SSL - FIPS 140-2 Enabled

SYSTEM AND COMMUNICATIONS PROTECTION

8 - Managing TLS and SSL - SSLv3 disabled

SYSTEM AND COMMUNICATIONS PROTECTION

8 - Managing TLS and SSL - Supported Ciphers

SYSTEM AND COMMUNICATIONS PROTECTION

8 - Managing TLS and SSL - TLSv1 disabled

SYSTEM AND COMMUNICATIONS PROTECTION

10 - Online Certificate Status Protocol
11 - Managing SSHv2 - Ciphers
11 - Managing SSHv2 - Key Exchange Algorithms
11 - Managing SSHv2 - MAC Algorithms
11 - Managing SSHv2 - Max Authentication Retry Count
12 - AutoSupport - Enabled
12 - AutoSupport - Remove Private Data

SYSTEM AND INFORMATION INTEGRITY

12 - AutoSupport - Transport type
13 - Network Time Protocol

AUDIT AND ACCOUNTABILITY

14 - NAS File System Local Accounts - Use NTLM Authentication with CIFS Workgroups