UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must employ cryptographic protections using cryptographic modules for SNMP complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000219-NDM-000166 SRG-NET-000219-NDM-000166 SRG-NET-000219-NDM-000166_rule Low
Description
Whether a network is being managed locally or from a Network Operations Center (NOC), achieving network management objectives depends on comprehensive and reliable network management solutions. To protect the integrity and confidentiality of non-local maintenance and diagnostics, all packets associated with these sessions must be encrypted. During the authentication process, malicious users can gain knowledge of passwords during authentication process by sniffing local traffic between the network element and the authentication server. It is imperative the authentication process and the transmission of network management traffic implements cryptographic modules adhering to the higher standards approved by the federal government. This requirement is applicable to network device management and is not applicable to the routing function.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000219-NDM-000166_chk )
Verify a FIPS 140-2 validated or NSA-approved cryptographic module is installed and configured on the network device to protect transmissions and data in storage.

If FIPS-140-2 validated or NSA-approved cryptography is not used, this is a finding.
Fix Text (F-SRG-NET-000219-NDM-000166_fix)
Ensure the network device uses cryptographic protections which employ FIPS 140-2 validated or NSA approved cryptographic modules.