The Cisco switch must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm.


Overview

Finding ID:   V-220501
Version:      CISC-ND-001140
Rule ID:      SV-220501r879768_rule
IA Controls:  (none)
Severity:     Medium
Description
Without the strong encryption that is provided by the SNMP Version 3 User-based Security Model (USM), an unauthorized user can gain access to network management information that can be used to create a network outage.
STIG:  Cisco NX OS Switch NDM Security Technical Implementation Guide
Date:  2023-02-17

Details

Check Text (C-22216r539224_chk)
Review the Cisco switch configuration to verify that it is compliant with this requirement as shown in the example below:

snmp-server user NETOPS auth sha 5Er23@#as178 priv aes-128 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The privacy (encryption) algorithm configured for each SNMPv3 user is shown in the Priv column of the show snmp user command, as in the example below:

SW1# show snmp user
______________________________________________________________
                          SNMP USERS
______________________________________________________________

User      Auth   Priv(enforce)   Groups             acl_filter
____      ____   _____________   ______             __________
NETOPS    sha    aes-128         network-operator

If the Cisco switch is not configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm, this is a finding.
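The check above comes down to reading the privacy algorithm off every snmp-server user line in the configuration. The following is an added example, not part of the STIG text: a Python audit over a constructed NX-OS running-config excerpt (the user names, groups and 0x key values are placeholders) that flags any user configured with DES privacy or with no priv keyword at all. It treats priv followed by anything other than the aes-128 keyword as DES, which is how NX-OS interprets the command.

```python
"""Audit NX-OS running-config 'snmp-server user' lines for SNMPv3 privacy.

Added example for the STIG check; not part of the STIG text.  The sample
config lines, user names and key values are constructed placeholders.
"""

from dataclasses import dataclass
from typing import Dict, List, Optional

# The only FIPS 140-2 approved privacy algorithm selectable for NX-OS SNMPv3
# users.  'priv' without the aes-128 keyword selects DES, which is not approved.
FIPS_APPROVED_PRIV = {"aes-128"}

# Constructed running-config excerpt (0x values are placeholders, not real keys).
SAMPLE_RUNNING_CONFIG = """\
snmp-server user NETOPS network-operator auth sha 0x1a2b3c priv aes-128 0x4d5e6f localizedkey
snmp-server user NETOPS vdc-admin
snmp-server user LEGACY network-operator auth md5 0xabcdef priv 0x012345 localizedkey
snmp-server user MONITOR network-operator auth sha 0x778899 localizedkey
"""


@dataclass
class SnmpUser:
    name: str
    auth: Optional[str] = None  # "md5", "sha" or None (no authentication)
    priv: Optional[str] = None  # "aes-128", "des" or None (no encryption)

    @property
    def fips_priv(self) -> bool:
        return self.priv in FIPS_APPROVED_PRIV


def parse_snmp_users(config: str) -> Dict[str, SnmpUser]:
    """Merge every 'snmp-server user <name> ...' line into one record per user.

    NX-OS writes one line per group membership, so a user can appear more
    than once; only the line carrying auth/priv sets the algorithms.
    """
    users: Dict[str, SnmpUser] = {}
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] != ["snmp-server", "user"] or len(tokens) < 3:
            continue
        user = users.setdefault(tokens[2], SnmpUser(tokens[2]))
        if "auth" in tokens:
            i = tokens.index("auth")
            if i + 1 < len(tokens):
                user.auth = tokens[i + 1].lower()
        if "priv" in tokens:
            i = tokens.index("priv")
            following = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
            # Anything other than the aes-128 keyword after 'priv' is the
            # passphrase itself, which means DES privacy.
            user.priv = "aes-128" if following == "aes-128" else "des"
    return users


def audit(config: str) -> List[str]:
    """Return one finding per user whose SNMP traffic is not AES-128 encrypted."""
    findings: List[str] = []
    for user in parse_snmp_users(config).values():
        if user.priv is None:
            findings.append(f"{user.name}: no priv configured, messages are not encrypted")
        elif not user.fips_priv:
            findings.append(f"{user.name}: priv {user.priv} is not FIPS 140-2 approved")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RUNNING_CONFIG) or ["no findings"]:
        print(finding)
```

Run against a saved show running-config, the script reports LEGACY (DES) and MONITOR (no privacy) and passes NETOPS. The unhashed form of the command shown in the check text (snmp-server user NETOPS auth sha ... priv aes-128 ...) parses the same way, since only the positions of the auth and priv keywords matter.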
Fix Text (F-22205r539225_fix)
Configure the Cisco switch to encrypt SNMP messages using a FIPS 140-2 approved algorithm as shown in the example below:

SW1(config)# snmp-server user NETOPS auth sha xxxxxxxxxxxxx priv aes-128 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The aes-128 keyword is what makes the configuration compliant: on NX-OS, priv given without aes-128 selects DES, which is not a FIPS 140-2 approved algorithm, and a user defined with no priv keyword sends management data unencrypted. After applying the command, confirm with show snmp user that the Priv column for every user reads aes-128.