This page provides a list of recommended secure configuration checks for HCP object storage, and is periodically updated. Hitachi Content Platform (HCP) is a modern cloud and object storage software solution deployed as a physical or virtual appliance.

ID | System | Category | Configuration check |
--- | --- | --- | --- |
K011CI0M0100 | Hitachi Content Platform (HCP) | Access Control | Access control lists status |
K051CI0MP105 | Hitachi Content Platform (HCP) | Access Control | ACL for Search Console for the default tenant |
K051CI00P110 | Hitachi Content Platform (HCP) | Access Control | Anonymous user access enabled |
K011CI0MP115 | Hitachi Content Platform (HCP) | Access Control | CIFS ACL configured |
K011CI0M0120 | Hitachi Content Platform (HCP) | Access Control | CIFS required allow list |
K011C00MP125 | Hitachi Content Platform (HCP) | Access Control | CIFS required deny list |
K011CI0MP130 | Hitachi Content Platform (HCP) | Access Control | Console Security ACL configured |
K011CI0MP135 | Hitachi Content Platform (HCP) | Access Control | Console Security required allow list |
K011CI0MP140 | Hitachi Content Platform (HCP) | Access Control | Console Security required deny list |
K011CI0MP145 | Hitachi Content Platform (HCP) | Access Control | CORS Allowed Origins configuration |
K011CI00P150 | Hitachi Content Platform (HCP) | Access Control | Default shredding setting |
K091CI0MP155 | Hitachi Content Platform (HCP) | Access Control | Disabling inactive users |
K031CI0MP160 | Hitachi Content Platform (HCP) | Access Control | Exclusive support access credentials |
K011CI0MP165 | Hitachi Content Platform (HCP) | Access Control | HCP Anywhere console ACL |
K011CI0MP170 | Hitachi Content Platform (HCP) | Access Control | HCP Anywhere idle session timeout |
K011CI0MP175 | Hitachi Content Platform (HCP) | Access Control | HCP Anywhere login message |
K011CI0M0180 | Hitachi Content Platform (HCP) | Access Control | HTTP ACL configured |
K011CI00P185 | Hitachi Content Platform (HCP) | Access Control | HTTP required allow list |
K021CI0MP190 | Hitachi Content Platform (HCP) | Access Control | HTTP required deny list |
K011C000P195 | Hitachi Content Platform (HCP) | Access Control | Inactivity timeout |
K011CI0MP200 | Hitachi Content Platform (HCP) | Access Control | Login warning banner |
K011CI0MP205 | Hitachi Content Platform (HCP) | Access Control | management API ACL |
K011CI0MP210 | Hitachi Content Platform (HCP) | Access Control | NFS ACL configured |
K011CI0MP215 | Hitachi Content Platform (HCP) | Access Control | NFS required allow list |
K011CI0MP220 | Hitachi Content Platform (HCP) | Access Control | SMTP ACL configured |
K011CI0MP225 | Hitachi Content Platform (HCP) | Access Control | SMTP required allow list |
K011CI0MP230 | Hitachi Content Platform (HCP) | Access Control | SMTP required deny list |
K011CI0MP235 | Hitachi Content Platform (HCP) | Access Control | Tenant administration allowed |
K031CI0MP240 | Hitachi Content Platform (HCP) | Audit Logging | NTP configuration |
K011CI0MP245 | Hitachi Content Platform (HCP) | Audit Logging | NTP server redundancy |
K011CI0MP250 | Hitachi Content Platform (HCP) | Audit Logging | Syslog - send security events |
K011CI0M0255 | Hitachi Content Platform (HCP) | Audit Logging | Syslog - shredded object messages |
K011CI0MP260 | Hitachi Content Platform (HCP) | Audit Logging | Syslog min level |
K011CI0MP265 | Hitachi Content Platform (HCP) | Audit Logging | Syslog Send compliance events |
K011CI0MP270 | Hitachi Content Platform (HCP) | Audit Logging | Syslog Send log messages for HTTP-based data access requests. |
K011CI0MP275 | Hitachi Content Platform (HCP) | Audit Logging | Syslog Send log messages for management API requests |
K011CI0MP280 | Hitachi Content Platform (HCP) | Audit Logging | syslog server list |
K121C00MP285 | Hitachi Content Platform (HCP) | Audit Logging | Tenant syslog enabled |
K011CI0MP290 | Hitachi Content Platform (HCP) | Authentication | Account lockout threshold |
K011CI00P295 | Hitachi Content Platform (HCP) | Authentication | Active Directory status |
K011CI0MP300 | Hitachi Content Platform (HCP) | Authentication | CIFS Authentication |
K031CI0MP305 | Hitachi Content Platform (HCP) | Authentication | HCP Anywhere max password age |
K011CI0MP310 | Hitachi Content Platform (HCP) | Authentication | HCP Anywhere minimum password length |
K011CI0MP315 | Hitachi Content Platform (HCP) | Authentication | HCP Anywhere default password |
K011CI0MP320 | Hitachi Content Platform (HCP) | Authentication | HCP default password |
K011CI0MP325 | Hitachi Content Platform (HCP) | Authentication | HCP Gateway Console Admin default password |
K011CI0M0330 | Hitachi Content Platform (HCP) | Authentication | HCP Gateway default password |
K141CI000335 | Hitachi Content Platform (HCP) | Authentication | HCP Gateway Linux OS default password |
K011CI0M0340 | Hitachi Content Platform (HCP) | Authentication | HS3 authentication |
K011CI0MP345 | Hitachi Content Platform (HCP) | Authentication | HSwift authentication |
K011CI0MP350 | Hitachi Content Platform (HCP) | Authentication | HTTP AD SSO enabled |
K011CI00P355 | Hitachi Content Platform (HCP) | Authentication | Maximum password age |
K021CI0MP360 | Hitachi Content Platform (HCP) | Authentication | Minimum password length |
K011C00MP365 | Hitachi Content Platform (HCP) | Authentication | NTLMv2 authentication |
K011C00MP370 | Hitachi Content Platform (HCP) | Authentication | Radius server configuration |
K011CI0MP375 | Hitachi Content Platform (HCP) | Authentication | Required RADIUS Server |
K011CI0MP380 | Hitachi Content Platform (HCP) | Authentication | Required RADIUS Server |
K011CI0MP385 | Hitachi Content Platform (HCP) | Authentication | Rest authentication |
K091CI00P390 | Hitachi Content Platform (HCP) | Authentication | REST token timeout limit |
K011CI0MP395 | Hitachi Content Platform (HCP) | Authentication | SMTP authentication |
K011CI0MP400 | Hitachi Content Platform (HCP) | Authentication | SNMP community string |
K011CI0MP405 | Hitachi Content Platform (HCP) | Authentication | Tenant authentication services |
K071CI00P410 | Hitachi Content Platform (HCP) | Authentication | Tenant user authentication mode |
K061CI00P415 | Hitachi Content Platform (HCP) | Authentication | WebDAV authentication |
K011CI0MP420 | Hitachi Content Platform (HCP) | Authorization | Approved admin user/group |
K011CI0MP425 | Hitachi Content Platform (HCP) | Authorization | Min permission properties for authenticated users |
K071CI00P430 | Hitachi Content Platform (HCP) | Authorization | NFS default UID/GID |
K011CI0MP435 | Hitachi Content Platform (HCP) | Authorization | Object permission hardening |
K011CI0MP440 | Hitachi Content Platform (HCP) | Authorization | Permissions for anonymous users |
K011CI0MP445 | Hitachi Content Platform (HCP) | Authorization | Permissions for authenticated users |
K041CI0MP450 | Hitachi Content Platform (HCP) | Authorization | SNMP write/update status |
K041CI0MP455 | Hitachi Content Platform (HCP) | Authorization | Systemwide permission mask |
K011C000P460 | Hitachi Content Platform (HCP) | Backup and Recovery | Automatically fail over |
K011CI0MP465 | Hitachi Content Platform (HCP) | Backup and Recovery | Data retention mode |
K011C00MP470 | Hitachi Content Platform (HCP) | Backup and Recovery | Data retention period |
K011CI0MP475 | Hitachi Content Platform (HCP) | Backup and Recovery | Default data retention mode |
K011CI00P480 | Hitachi Content Platform (HCP) | Backup and Recovery | Default namespace replication status |
K011CI0MP485 | Hitachi Content Platform (HCP) | Backup and Recovery | Default namespace versioning pruning |
K011CI0MP490 | Hitachi Content Platform (HCP) | Backup and Recovery | Default namespace versioning settings |
K041CI00P495 | Hitachi Content Platform (HCP) | Backup and Recovery | Default retention |
K011CI0MP500 | Hitachi Content Platform (HCP) | Backup and Recovery | Object versioning protection |
K091CI00P505 | Hitachi Content Platform (HCP) | Backup and Recovery | Protection service status |
K011CI0MP510 | Hitachi Content Platform (HCP) | Backup and Recovery | Replication link configuration |
K011CI0MP515 | Hitachi Content Platform (HCP) | Backup and Recovery | Replication mode |
K071CI00P520 | Hitachi Content Platform (HCP) | Backup and Recovery | Tenant replication allowed |
K011CI0MP525 | Hitachi Content Platform (HCP) | Backup and Recovery | Tenant retention mode administration |
K011CI0MP530 | Hitachi Content Platform (HCP) | Backup and Recovery | Tenant versioning configuration enabled |
K011CI0MP535 | Hitachi Content Platform (HCP) | Configuration Management | atime synchronization |
K011CI0M0540 | Hitachi Content Platform (HCP) | Configuration Management | CLI tool conf file |
K011CI0MP545 | Hitachi Content Platform (HCP) | Configuration Management | CLI tool installations list |
K611CI00P550 | Hitachi Content Platform (HCP) | Configuration Management | DNS configuration |
K011CI00P555 | Hitachi Content Platform (HCP) | Configuration Management | Enable scheduled updates to HDvM |
K081CI0MP560 | Hitachi Content Platform (HCP) | Configuration Management | Enterprise mode |
K011CI00P565 | Hitachi Content Platform (HCP) | Configuration Management | Erasure coding |
K011CI0MP570 | Hitachi Content Platform (HCP) | Configuration Management | HCP edge awservice.conf |
K011CI0MP575 | Hitachi Content Platform (HCP) | Configuration Management | HCP Gateway sam.properties |
K081CI0MP580 | Hitachi Content Platform (HCP) | Configuration Management | Management and data network separation (VLAN tagging) |
K051CI00P585 | Hitachi Content Platform (HCP) | Configuration Management | Node list |
K011CI0MP590 | Hitachi Content Platform (HCP) | Configuration Management | Object custom metadata checking |
K081CI00P595 | Hitachi Content Platform (HCP) | Configuration Management | Retain period for deletion records |
K011CI00P600 | Hitachi Content Platform (HCP) | Configuration Management | Server BIOS configuration |
K011CI0MP605 | Hitachi Content Platform (HCP) | Configuration Management | shredding algorithm |
K011CI0MP610 | Hitachi Content Platform (HCP) | Configuration Management | Target BMC firmware |
K011CI00P615 | Hitachi Content Platform (HCP) | Configuration Management | Target HBA firmware |
K021C00MP620 | Hitachi Content Platform (HCP) | Configuration Management | Target HCP Anywhere Edge release |
K011CI0MP625 | Hitachi Content Platform (HCP) | Configuration Management | Target HCP Anywhere release |
K011CI0MP630 | Hitachi Content Platform (HCP) | Configuration Management | Target HCP Gateway release |
K011CI0MP635 | Hitachi Content Platform (HCP) | Configuration Management | Target HCP version |
K081CI00P640 | Hitachi Content Platform (HCP) | Configuration Management | Target RAID controller firmware |
K011CI0MP645 | Hitachi Content Platform (HCP) | Data Integrity | Content Verification service |
K011CI0MP650 | Hitachi Content Platform (HCP) | Encryption | 3DES Ciphers status |
K011CI0MP655 | Hitachi Content Platform (HCP) | Encryption | Active Directory with SSL |
K011CI0MP660 | Hitachi Content Platform (HCP) | Encryption | Approved KMIP servers |
K031CI0MP665 | Hitachi Content Platform (HCP) | Encryption | Certificate expiry |
K031CI00P670 | Hitachi Content Platform (HCP) | Encryption | Compress objects criteria |
K011CI00P675 | Hitachi Content Platform (HCP) | Encryption | Compress objects Exclusion criteria |
K011CI00P680 | Hitachi Content Platform (HCP) | Encryption | Data at rest encryption |
K011CI0MP685 | Hitachi Content Platform (HCP) | Encryption | Default namespace hashing algorithm |
K011CI00P690 | Hitachi Content Platform (HCP) | Encryption | HCP Anywhere HTTP SSL |
K081CI0MP695 | Hitachi Content Platform (HCP) | Encryption | KMIP Server configuration |
K011CI00P700 | Hitachi Content Platform (HCP) | Encryption | Namespace hashing algorithm |
K011CI00P705 | Hitachi Content Platform (HCP) | Encryption | Replication links encryption |
K011CI0MP710 | Hitachi Content Platform (HCP) | Encryption | Required KMIP servers |
K011CI0MP715 | Hitachi Content Platform (HCP) | Encryption | Self-signed certificate |
K011CI00P720 | Hitachi Content Platform (HCP) | Encryption | SMTP security protocol |
K011CI0MP725 | Hitachi Content Platform (HCP) | Encryption | SSL renegotiation |
K011CI0MP730 | Hitachi Content Platform (HCP) | Encryption | TLS Level |
K051CI0MP735 | Hitachi Content Platform (HCP) | Encryption | Trusted certificate issuer |
K011CI0MP740 | Hitachi Content Platform (HCP) | Hardening | DNS TSIG |
K011CI0M0745 | Hitachi Content Platform (HCP) | Hardening | HDvM port |
K011CI0MP750 | Hitachi Content Platform (HCP) | Hardening | PVLAN status |
K041CI0MP755 | Hitachi Content Platform (HCP) | Hardening | Tenant management network separation |
K041CI0MP760 | Hitachi Content Platform (HCP) | Monitoring | email recipients |
K021CI00P765 | Hitachi Content Platform (HCP) | Monitoring | Security email notification |
K011CI0MP770 | Hitachi Content Platform (HCP) | Monitoring | SNMP - send security events |
K011CI0MP775 | Hitachi Content Platform (HCP) | Monitoring | SNMP ACL |
K011CI0MP780 | Hitachi Content Platform (HCP) | Monitoring | SNMP manager |
K011CI0MP785 | Hitachi Content Platform (HCP) | Monitoring | SNMP min level |
K011CI00P790 | Hitachi Content Platform (HCP) | Monitoring | SNMP Send compliance events |
K011CI0MP795 | Hitachi Content Platform (HCP) | Services and Protocols | CIFS Enabled |
K011CI0MP800 | Hitachi Content Platform (HCP) | Services and Protocols | HCP FTP check |
K031CI0MP805 | Hitachi Content Platform (HCP) | Services and Protocols | HCP telnet check |
K011CI00P810 | Hitachi Content Platform (HCP) | Services and Protocols | HS3 status |
K011CI0MP815 | Hitachi Content Platform (HCP) | Services and Protocols | HSwift status |
K011CI0MP820 | Hitachi Content Platform (HCP) | Services and Protocols | HTTP status |
K011CI0MP825 | Hitachi Content Platform (HCP) | Services and Protocols | HTTPS status |
K011CI0MP830 | Hitachi Content Platform (HCP) | Services and Protocols | NFS status |
K011CI0MP835 | Hitachi Content Platform (HCP) | Services and Protocols | Ping status |
K091CI0MP840 | Hitachi Content Platform (HCP) | Services and Protocols | Public Link endpoints |
K011CI00P845 | Hitachi Content Platform (HCP) | Services and Protocols | Rest status |
K011CI0MP850 | Hitachi Content Platform (HCP) | Services and Protocols | SMBv1 status |
K061CI0-P855 | Hitachi Content Platform (HCP) | Services and Protocols | SMTP status |
K061CI0MP860 | Hitachi Content Platform (HCP) | Services and Protocols | SNMP version |
K011CI00P865 | Hitachi Content Platform (HCP) | Services and Protocols | SSH status |
K031CI00P870 | Hitachi Content Platform (HCP) | Services and Protocols | Tenant SNMP status |
K011CI0MP875 | Hitachi Content Platform (HCP) | Services and Protocols | WebDAV status |
... and more. |
NOTE: Additional security baseline checks should be performed against HCP node servers, Hitachi Data Ingestor (HDI), HCP Anywhere, HCP plugins, Hitachi Device Manager, Hitachi Content Platform Gateway, HCP Anywhere Edge, HNAS, HCP for Cloud Scale, HCP CLI tool, HCP Data Migrator (HCP-DM) and other Hitachi software components.