IBM Support

Changes to default password behavior of the FlashSystem 900 in firmware 1.6.1.1 and later releases, to comply with the California Consumer Privacy Act of 2018

Question & Answer


Question

What changes are being made to the FlashSystem 840 and 900 to comply with the California Consumer Privacy Act of 2018?  Is it compliant?  How does the behavior of the system change?

Cause

The legislature of the State of California, United States, passed a bill in 2018 that takes effect on January 1, 2020.  This law mandates that "connected devices" sold in California (CA) comply with specific security requirements, in particular for passwords.
The law does not apply to existing devices (already sold and installed), only to newly sold devices.  The law therefore does not affect the IBM FlashSystem 840 AE1, as it is no longer marketed by IBM.
However, it does affect the FlashSystem 900 AE3 models 9840-AE3 and 9843-AE3, as well as the V9000 AE3 models 9846-AE3 and 9848-AE3.
It also affects the FlashSystem 900 AE2 models 9840-AE2 and 9843-AE2, because those systems run the same firmware as the AE3. Therefore, the changes being made for the AE3 can affect an AE2 system when it is upgraded to release 1.6.1.1 or higher.

Answer

Is the FlashSystem compliant with the new CA law?
Yes. All FlashSystem 900s that IBM ships beginning in 2020 comply with the California law.
What changes are being made?
  • When a system is initialized, it will force the user to change the password.  The password must be different from the default, well-known password.
  • Any future attempt to change the password back to the default password will fail.
  • The maintenance procedures that can be used to reset a lost password will require the user to enter a new password.  The password cannot be reset to the default.
  • When a new cluster is created at initialization time, or any later time, the command will always require the user to change the password.  It will not allow the password to be changed back to the default.
What systems does this affect?
  • This change will affect all NEW FlashSystem 900s shipped with 1.6.1.1 or higher firmware.
  • It affects any system that is upgraded to firmware 1.6.1.1 or later.  The FlashSystem 840 is NOT affected because 1.6.x.x firmware is not supported on the 840.  Existing FlashSystem 900 AE2 and AE3 systems already sold ARE affected, but only when they are upgraded to 1.6.1.1 or higher firmware. 
What else do I need to know?
  • Upgrading an existing system to 1.6.1.1 or later does NOT require any password change.
  • AFTER upgrading an existing system to 1.6.1.1 or later, if you remove the cluster (reinitialize the system), the password WILL have to be changed.
  • If a system has a problem, most service actions performed by support will not affect the password.  If the password must be changed because of a service action by IBM support, then IBM Support will ask you to change it.


Document Information

Modified date:
17 February 2023

UID

ibm11105155