This page provides a list of recommended secure configuration checks (benchmark) for Pure FlashArray, and is periodically updated. FlashArray from Pure Storage is an all-flash enterprise storage platform.
Interested to learn about StorageGuard Benchmark Checks for Pure Storage? |
||
|
|
ID | System | Category | Configuration check |
K022EI00P0100 | Pure FlashArray | Access Control | Account Lockout duration |
K072EI00P0105 | Pure FlashArray | Access Control | Account Lockout threshold |
K072EI0MP0110 | Pure FlashArray | Access Control | Anonymous user SMB access is enabled |
K072EI0M00115 | Pure FlashArray | Access Control | API token_ttl settings |
K022EI0MP0120 | Pure FlashArray | Access Control | Approved admin users / AD groups |
K022EI0MP0125 | Pure FlashArray | Access Control | Approved API Clients |
K022EI0MP0130 | Pure FlashArray | Access Control | Approved cloud offload targets |
K022EI00P0135 | Pure FlashArray | Access Control | Approved pure1 users |
K022EI0MP0140 | Pure FlashArray | Access Control | Cloud offload enabled |
K022EI0MP0145 | Pure FlashArray | Access Control | Idle session timeout |
K022EI0MP0150 | Pure FlashArray | Access Control | Inactive users |
K022EI00P0155 | Pure FlashArray | Access Control | Non-default local users |
K022EI0MP0160 | Pure FlashArray | Access Control | Remote support auto termination timeout |
K022EI00P0165 | Pure FlashArray | Access Control | RemoteAssist state |
K022EI00P0170 | Pure FlashArray | Audit | Audit logging status |
K022EI0MP0175 | Pure FlashArray | Audit | External logging server |
K022EI0MP0180 | Pure FlashArray | Audit | Lossless logging server protocol |
K032EI0MP0185 | Pure FlashArray | Audit | NTP server configured |
K032EI0MP0190 | Pure FlashArray | Audit | NTP server redundancy |
K022EI0MP0195 | Pure FlashArray | Audit | Required NTP servers |
K022EI0MP0200 | Pure FlashArray | Authentication | Authentication server configuration |
K022E00MP0205 | Pure FlashArray | Authentication | Authentication server redundancy |
K022EI0MP0210 | Pure FlashArray | Authentication | CHAP authentication mode |
K022EI0MP0215 | Pure FlashArray | Authentication | Default Passwords |
K022EI0M00220 | Pure FlashArray | Authentication | DS server authenticity enforcement |
K022EI0MP0225 | Pure FlashArray | Authentication | iSCSI CHAP enabled |
K022EI0M00230 | Pure FlashArray | Authentication | Kerberos settings |
K022EI0000235 | Pure FlashArray | Authentication | LDAP redundancy |
K022EI0MP0240 | Pure FlashArray | Authentication | LDAP settings |
K022EI0MP0245 | Pure FlashArray | Authentication | Minimum password length |
K022EI0MP0250 | Pure FlashArray | Authentication | Multifactor authentication |
K022EI0MP0255 | Pure FlashArray | Authentication | Pure1 mutual TLS authentication |
K082EI0MP0260 | Pure FlashArray | Authentication | Rest API authentication |
K022EI00P0265 | Pure FlashArray | Authentication | SNMP authentication |
K022EI00P0270 | Pure FlashArray | Authentication | SNMP Authentication Protocol |
K022E00MP0275 | Pure FlashArray | Authentication | SNMP Community string |
K022EI0MP0280 | Pure FlashArray | Authentication | SNMP user authentication |
K072EI0MP0285 | Pure FlashArray | Authentication | SSO status |
K022EI0MP0290 | Pure FlashArray | Authorization | NFS/SMB permission |
K022EI0MP0295 | Pure FlashArray | Authorization | Root Squash disabled |
K022EI0MP0300 | Pure FlashArray | Authorization | User role configuration |
K022EI0MP0305 | Pure FlashArray | Backup and Recovery | Data retention period |
K022EI0M00310 | Pure FlashArray | Backup and Recovery | Off-Site Replication Configuration |
K022EI0000315 | Pure FlashArray | Backup and Recovery | Secure erase holdout period |
K012EI0MP0320 | Pure FlashArray | Backup and Recovery | Tenant replication allowed |
K022EI0MP0325 | Pure FlashArray | Configuration Management | Approved snapshot offload targets |
K022E00MP0330 | Pure FlashArray | Configuration Management | Atime synchronization |
K022EI0MP0335 | Pure FlashArray | Configuration Management | Banner configuration |
K022EI0MP0340 | Pure FlashArray | Configuration Management | Central Certificate Authority (CA) status |
K022EI0MP0345 | Pure FlashArray | Configuration Management | Certificate Algorithm |
K022EI0MP0350 | Pure FlashArray | Configuration Management | Certificate expiry date |
K022EI00P0355 | Pure FlashArray | Configuration Management | Certificate key_size |
K022EI0MP0360 | Pure FlashArray | Configuration Management | DNS server redundancy |
K022EI00P0365 | Pure FlashArray | Configuration Management | DNS service configuration |
K042EI00P0370 | Pure FlashArray | Configuration Management | Domain name settings |
K042EI0MP0375 | Pure FlashArray | Configuration Management | Enabled applications |
K022EI0M00380 | Pure FlashArray | Configuration Management | KMIP/KMS server configuration |
K022EI0M00385 | Pure FlashArray | Configuration Management | Pure Storage FA SSMS Extension version |
K022EI0MP0390 | Pure FlashArray | Configuration Management | Pure Storage FlashArray PowerShell SDK version |
K022EI0MP0395 | Pure FlashArray | Configuration Management | PureStorage Unified Add-on for Splunk version |
K022E00MP0400 | Pure FlashArray | Configuration Management | Purity version |
K022EI0MP0405 | Pure FlashArray | Configuration Management | Self-signed certificates |
K022EI0MP0410 | Pure FlashArray | Configuration Management | SMIS status |
K022EI0MP0415 | Pure FlashArray | Configuration Management | Snapshot offload enabled |
K022EI0MP0420 | Pure FlashArray | Configuration Management | SNMP trap host configuration |
K022EI0MP0425 | Pure FlashArray | Configuration Management | SSL certificate private key configuration |
K052EI0MP0430 | Pure FlashArray | Data Integrity | SMB digital signing |
K022EI0M00435 | Pure FlashArray | Encryption | API used with SSL verification |
K022E00M00440 | Pure FlashArray | Encryption | Data encryption algorithm strength |
K022EI0MP0445 | Pure FlashArray | Encryption | Data at-rest encryption |
K022EI00P0450 | Pure FlashArray | Encryption | Phonehome HTTPS proxy |
K022EI00P0455 | Pure FlashArray | Encryption | Pure1 TLS level |
K022EI0MP0460 | Pure FlashArray | Encryption | Secure LDAP |
K022EI0MP0465 | Pure FlashArray | Encryption | SMTP with TLS (supported?) |
K052EI0MP0470 | Pure FlashArray | Encryption | SNMP message privacy |
K022EI0MP0475 | Pure FlashArray | Encryption | SSH cipher strength |
K022EI0MP0480 | Pure FlashArray | Encryption | SSH MAC strength |
K022EI0MP0485 | Pure FlashArray | Encryption | TLS Level |
K022EI0MP0490 | Pure FlashArray | Hardening | CC-compliance mode |
K022EI0MP0495 | Pure FlashArray | Hardening | Console lock status |
K062EI0MP0500 | Pure FlashArray | Hardening | Pure SafeMode configuration |
K062EI0MP0505 | Pure FlashArray | Hardening | Rapid Data Locking configuration |
K022EI0M00510 | Pure FlashArray | Hardening | Restricted shell |
K022E00MP0515 | Pure FlashArray | Monitoring | Automatic PHONE HOME Enabled |
K022EI00P0520 | Pure FlashArray | Monitoring | Mail (SMTP) settings |
K022EI00P0525 | Pure FlashArray | Monitoring | puresupport account configuration |
K022EI0MP0530 | Pure FlashArray | Monitoring | Remote Support Status |
K022EI0MP0535 | Pure FlashArray | Monitoring | Security email notification |
K022EI0MP0540 | Pure FlashArray | Monitoring | SMTP server configuration |
K022EI0MP0545 | Pure FlashArray | Monitoring | SNMP status |
K092EI00P0550 | Pure FlashArray | Services and Protocols | NFS Enabled |
K022EI0M00555 | Pure FlashArray | Services and Protocols | Pure1 Enabled |
K022EI0M00560 | Pure FlashArray | Services and Protocols | SNMP versions allowed |
... and more. |
NOTE: Secure configuration checks should be performed also for Pure1, FlashBlade, Pure PowerShell SDK and other related Pure components.
Interested to learn about StorageGuard secure configuration checks for Pure FlashArray?
|
||
|
|
Comments
0 comments
Please sign in to leave a comment.