3. How the encryption keys are stored and secured?
4. How the secrets (e.g. passwords) are secured while in storage?
5. What kind of access control (RBAC etc.) is supported?
Remember that the management network has several components -- and you want to probe the security for each component: managed entity (switches, ports, etc.), management server, management admin workstation and the network over which they are connected. Also, the traffic may traverse over Fibre Channel (FC) or IP -- you need to address both.
There is a lot you, as the end user, can do. For starters, keep the corporate network and the storage management network separate.
This was first published in July 2005