
The SNMP service must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.


Overview

Finding ID: V-22448
Version: GEN005306
Rule ID: SV-38890r1_rule
IA Controls: DCNR-1
Severity: Medium
Description
The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity.
STIG: AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2018-09-18

Details

Check Text (C-37888r2_chk)
Check all SNMPv3 users for configured authentication protocols.

# grep USM_USER /etc/snmpdv3.conf

The 4th field contains the hash used in the authentication protocol. If an entry exists that does not use HMAC-SHA for the authentication protocol, this is a finding.
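The check above can be scripted so that each non-compliant entry is reported by line and user name. This is an added example, not part of the STIG text; it assumes lines starting with '#' are comments (a plain grep would also match those), and the sample entries and key values are constructed.

```shell
#!/bin/sh
# Report USM_USER entries whose 4th field (authentication protocol)
# is anything other than HMAC-SHA. Exit status 1 means a finding.

check_usm_users() {
    # $1: path to the config file, or "-" to read standard input.
    awk '
        $1 ~ /^#/ { next }              # assumption: "#" starts a comment line
        $1 == "USM_USER" {
            if ($4 != "HMAC-SHA") {
                printf "FINDING line %d: user=%s authproto=%s\n",
                       NR, $2, ($4 == "" ? "(missing)" : $4)
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "${1:-/etc/snmpdv3.conf}"
}

# Constructed sample entries (keys are placeholders, not real key material).
sample_conf() {
    cat <<'EOF'
# USM_USER example - HMAC-MD5 CONSTRUCTEDKEY - - L -
USM_USER admin1 - HMAC-SHA CONSTRUCTEDKEY DES CONSTRUCTEDKEY L -
USM_USER legacy - HMAC-MD5 CONSTRUCTEDKEY - - L -
  # USM_USER disabled - HMAC-MD5 CONSTRUCTEDKEY - - L -
USM_USER noauth - none - - - L -
EOF
}

# Demo on the constructed sample: reports "legacy" and "noauth".
sample_conf | check_usm_users - || echo "non-compliant USM_USER entries present"
```

On a real system, call `check_usm_users /etc/snmpdv3.conf` and treat a non-zero exit status as the finding.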
Fix Text (F-33137r2_fix)
Edit the /etc/snmpdv3.conf file. Change any instances of the HMAC-MD5 authentication protocol in USM_USER entries to HMAC-SHA. For all changed USM_USER entries, regenerate authentication keys using the "pwtokey" command and replace the keys in the /etc/snmpdv3.conf file.