Articles in this section

See more

Pure FlashArray: Recommended Security Baseline Checks

Avatar
Oz Gabriely
  • Updated

This page provides a list of recommended secure configuration checks for Pure FlashArray, and is periodically updated. FlashArray from Pure Storage is an all-flash enterprise storage platform.

ID System Category Configuration check
K022EI00P0100 Pure FlashArray Access Control Account Lockout duration
K072EI00P0105 Pure FlashArray Access Control Account Lockout threshold
K072EI0MP0110 Pure FlashArray Access Control Anonymous user SMB access is enabled
K072EI0M00115 Pure FlashArray Access Control API token_ttl settings
K022EI0MP0120 Pure FlashArray Access Control Approved admin users / AD groups
K022EI0MP0125 Pure FlashArray Access Control Approved API Clients
K022EI0MP0130 Pure FlashArray Access Control Approved cloud offload targets
K022EI00P0135 Pure FlashArray Access Control Approved pure1 users
K022EI0MP0140 Pure FlashArray Access Control Cloud offload enabled
K022EI0MP0145 Pure FlashArray Access Control Idle session timeout
K022EI0MP0150 Pure FlashArray Access Control Inactive users
K022EI00P0155 Pure FlashArray Access Control Non-default local users
K022EI0MP0160 Pure FlashArray Access Control Remote support auto termination timeout
K022EI00P0165 Pure FlashArray Access Control RemoteAssist state
K022EI00P0170 Pure FlashArray Audit Audit logging status
K022EI0MP0175 Pure FlashArray Audit External logging server
K022EI0MP0180 Pure FlashArray Audit Lossless logging server protocol
K032EI0MP0185 Pure FlashArray Audit NTP server configured
K032EI0MP0190 Pure FlashArray Audit NTP server redundancy
K022EI0MP0195 Pure FlashArray Audit Required NTP servers
K022EI0MP0200 Pure FlashArray Authentication Authentication server configuration
K022E00MP0205 Pure FlashArray Authentication Authentication server redundancy
K022EI0MP0210 Pure FlashArray Authentication CHAP authentication mode
K022EI0MP0215 Pure FlashArray Authentication Default Passwords
K022EI0M00220 Pure FlashArray Authentication DS server authenticity enforcement
K022EI0MP0225 Pure FlashArray Authentication iSCSI CHAP enabled
K022EI0M00230 Pure FlashArray Authentication Kerberos settings
K022EI0000235 Pure FlashArray Authentication LDAP redundancy
K022EI0MP0240 Pure FlashArray Authentication LDAP settings
K022EI0MP0245 Pure FlashArray Authentication Minimum password length
K022EI0MP0250 Pure FlashArray Authentication Multifactor authentication
K022EI0MP0255 Pure FlashArray Authentication Pure1 mutual TLS authentication
K082EI0MP0260 Pure FlashArray Authentication Rest API authentication
K022EI00P0265 Pure FlashArray Authentication SNMP authentication
K022EI00P0270 Pure FlashArray Authentication SNMP Authentication Protocol
K022E00MP0275 Pure FlashArray Authentication SNMP Community string
K022EI0MP0280 Pure FlashArray Authentication SNMP user authentication
K072EI0MP0285 Pure FlashArray Authentication SSO status
K022EI0MP0290 Pure FlashArray Authorization NFS/SMB permission
K022EI0MP0295 Pure FlashArray Authorization Root Squash disabled
K022EI0MP0300 Pure FlashArray Authorization User role configuration
K022EI0MP0305 Pure FlashArray Backup and Recovery Data retention period
K022EI0M00310 Pure FlashArray Backup and Recovery Off-Site Replication Configuration
K022EI0000315 Pure FlashArray Backup and Recovery Secure erase holdout period
K012EI0MP0320 Pure FlashArray Backup and Recovery Tenant replication allowed
K022EI0MP0325 Pure FlashArray Configuration Management Approved snapshot offload targets
K022E00MP0330 Pure FlashArray Configuration Management Atime synchronization
K022EI0MP0335 Pure FlashArray Configuration Management Banner configuration
K022EI0MP0340 Pure FlashArray Configuration Management Central Certificate Authority (CA) status
K022EI0MP0345 Pure FlashArray Configuration Management Certificate Algorithm
K022EI0MP0350 Pure FlashArray Configuration Management Certificate expiry date
K022EI00P0355 Pure FlashArray Configuration Management Certificate key_size
K022EI0MP0360 Pure FlashArray Configuration Management DNS server redundancy
K022EI00P0365 Pure FlashArray Configuration Management DNS service configuration
K042EI00P0370 Pure FlashArray Configuration Management Domain name settings
K042EI0MP0375 Pure FlashArray Configuration Management Enabled applications
K022EI0M00380 Pure FlashArray Configuration Management KMIP/KMS server configuration
K022EI0M00385 Pure FlashArray Configuration Management Pure Storage FA SSMS Extension version
K022EI0MP0390 Pure FlashArray Configuration Management Pure Storage FlashArray PowerShell SDK version
K022EI0MP0395 Pure FlashArray Configuration Management PureStorage Unified Add-on for Splunk version
K022E00MP0400 Pure FlashArray Configuration Management Purity version
K022EI0MP0405 Pure FlashArray Configuration Management Self-signed certificates
K022EI0MP0410 Pure FlashArray Configuration Management SMIS status
K022EI0MP0415 Pure FlashArray Configuration Management Snapshot offload enabled
K022EI0MP0420 Pure FlashArray Configuration Management SNMP trap host configuration
K022EI0MP0425 Pure FlashArray Configuration Management SSL certificate private key configuration
K052EI0MP0430 Pure FlashArray Data Integrity SMB digital signing
K022EI0M00435 Pure FlashArray Encryption API used with SSL verification
K022E00M00440 Pure FlashArray Encryption Data encryption algorithm strength
K022EI0MP0445 Pure FlashArray Encryption Data at-rest encryption
K022EI00P0450 Pure FlashArray Encryption Phonehome HTTPS proxy
K022EI00P0455 Pure FlashArray Encryption Pure1 TLS level
K022EI0MP0460 Pure FlashArray Encryption Secure LDAP
K022EI0MP0465 Pure FlashArray Encryption SMTP with TLS (supported?)
K052EI0MP0470 Pure FlashArray Encryption SNMP message privacy
K022EI0MP0475 Pure FlashArray Encryption SSH cipher strength
K022EI0MP0480 Pure FlashArray Encryption SSH MAC strength
K022EI0MP0485 Pure FlashArray Encryption TLS Level
K022EI0MP0490 Pure FlashArray Hardening CC-compliance mode
K022EI0MP0495 Pure FlashArray Hardening Console lock status
K062EI0MP0500 Pure FlashArray Hardening Pure SafeMode configuration
K062EI0MP0505 Pure FlashArray Hardening Rapid Data Locking configuration
K022EI0M00510 Pure FlashArray Hardening Restricted shell
K022E00MP0515 Pure FlashArray Monitoring Automatic PHONE HOME Enabled
K022EI00P0520 Pure FlashArray Monitoring Mail (SMTP) settings
K022EI00P0525 Pure FlashArray Monitoring puresupport account configuration
K022EI0MP0530 Pure FlashArray Monitoring Remote Support Status
K022EI0MP0535 Pure FlashArray Monitoring Security email notification
K022EI0MP0540 Pure FlashArray Monitoring SMTP server configuration
K022EI0MP0545 Pure FlashArray Monitoring SNMP status
K092EI00P0550 Pure FlashArray Services and Protocols NFS Enabled
K022EI0M00555 Pure FlashArray Services and Protocols Pure1 Enabled
K022EI0M00560 Pure FlashArray Services and Protocols SNMP versions allowed
... and more.    

NOTE: Secure configuration checks should be performed also for Pure1, FlashBlade, Pure PowerShell SDK and other related Pure components.

 

Interested to learn about StorageGuard secure configuration checks for Pure FlashArray? 

 

 

Contact us

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.