Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22448 | GEN005306 | SV-38890r1_rule | DCNR-1 | Medium |
| Description |
|---|
| The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity. |
| STIG | Date |
|---|---|
| AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2017-12-08 |
Details
| Check Text ( C-37888r2_chk ) |
|---|
| Check all SNMPv3 users for configured authentication protocols. # grep USM_USER /etc/snmpdv3.conf The 4th field contains the hash used in the authentication protocol. If an entry exists that does not use HMAC-SHA for the authentication protocol, this is a finding. |
| Fix Text (F-33137r2_fix) |
|---|
| Edit the /etc/snmpdv3.conf file. Change any instances of the HMAC-MD5 authentication protocol in USM_USER entries to HMAC-SHA. For all changed USM_USER entries, regenerate authentication keys using the "pwtokey" command and replace the keys in the /etc/snmpdv3.conf file. |