All in-band sessions to the NMS must be secured using FIPS 140-2 approved encryption and hashing algorithms.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4613 | NET1762 | SV-4613r2_rule | ECNK-1 ECSC-1 | Medium |
| Description |
|---|
| Without the use of FIPS 140-2 encryption to in-band management connections, unauthorized users may gain access to the NMS enabling them to change device configurations and SNMP variables that can cause disruptions and even denial of service conditions. |
| STIG | Date |
|---|---|
| Network Devices Security Technical Implementation Guide | 2018-11-27 |
Details
| Check Text ( C-3832r2_chk ) |
|---|
| Inspect the NMS configuration to validate in-band management access is using an approved FIPS 140-2 encryption and hashing algorithm. |
| Fix Text (F-4546r2_fix) |
|---|
| Implement and configure an approved FIPs 140-2 encryption and hashing algorithm for in-band management to the NMS. |