There is a great NetApp TR about Security Hardening: TR-4569.
In this article we summerize some configuration that we apply in our customer’s environment.

Active Directory domain users login

cluster::> security login domain-tunnel create -vserver vs1
cluster::> security login create -user-or-group-name "domain\user" -vserver cluster -authentication-method domain -role admin -application ssh
cluster::> security login create -user-or-group-name "domain\user" -vserver cluster -authentication-method domain -role admin -application ontapi
cluster::> security login create -user-or-group-name "domain\user" -vserver cluster -authentication-method domain -role admin -application http

Disable SNMP (if it’s not necessary)

cluster::> system snmp init -init 0

Disable TLS 1.0/1.1

cluster::> set -privilege adv
cluster::> security config modify -interface SSL -is-fips-enabled false -supported-protocols TLSv1.2

Timeout SSH/GUI

cluster::>system timeout modify -timeout 15

NetApp Volume Encryption (onboard key management)

cluster::> security key-manager setup
cluster::> Would you like to configure onboard key management? {yes, no} [yes]: yes

You are an essential ingredient in our ongoing effort to reduce Security Risk

By Roberto