UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SNMP service must require the use of a FIPS 140-2 approved encryption algorithm for protecting the privacy of SNMP messages.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22449 GEN005307 SV-63415r1_rule DCNR-1 Medium
Description
The SNMP service must use AES or a FIPS 140-2 approved successor algorithm for protecting the privacy of communications.
STIG Date
Oracle Linux 5 Security Technical Implementation Guide 2015-06-05

Details

Check Text ( C-52123r3_chk )
Verify the SNMP daemon uses AES for SNMPv3 users.

Procedure:
Examine the default install location /etc/snmp/snmpd.conf
or:
# find / -name snmpd.conf

# grep -v '^#' | grep -i createuser | grep -vi AES

If any line is present this is a finding.
Fix Text (F-54021r2_fix)
Edit /etc/snmp/snmpd.conf and add the AES keyword for any create user statement without one.

Restart the SNMP service.
# service snmpd restart