UCF STIG Viewer Logo

The Microsoft SCOM SNMP Monitoring in SCOM must use SNMP V3.


Overview

Finding ID Version Rule ID IA Controls Severity
V-237435 SCOM-IA-000001 SV-237435r643951_rule Low
Description
SNMP Versions 1 and 2 do not use a FIPS-validated Keyed-Hash message Authentication Code (HMAC). SCOM has the capability of monitoring all versions of SNMP. As such, SNMP 1 and 2 monitoring should only be done if the device being monitored does not support SNMP V3.
STIG Date
Microsoft SCOM Security Technical Implementation Guide 2021-03-15

Details

Check Text ( C-40654r643949_chk )
From the SCOM Console, select the Administration workspace.

Navigate to Run As Configuration and select Accounts.

Review all of the listed Accounts.

If any account is listed under the "Community String" type, this is a finding.
Fix Text (F-40617r643950_fix)
Create SNMP V3 Run As accounts and use these to monitor network devices:

Note that for this to work, SNMP V3 must be set up on the network device being monitored and some of the configuration info for this account must be obtained from that device.

From the SCOM Operations Console, select the Administration workspace, expand Run As Configuration, and select Accounts. Right-click and choose "Create Run As accounts". Click "Next" at the first screen and in the Run As account type, choose SNMP V3 account. Give it an appropriate display name and complete the wizard supplying the relevant information from the monitored network device(s).