
The IAO/NSO will ensure that all SNMP community strings are changed from the default values.


Overview

Finding ID: V-3210
Version: NET1665
Rule ID: SV-3210r7_rule
IA Controls: ECSC-1, IAIA-1, IAIA-2
Severity: High
Description
Community strings default to the name PUBLIC, which is known to anyone wishing to attack the devices in the network. The default must be changed to a value that complies with DISA password guidelines. Not all individuals need write access to the device, and compromise of the read password will have less of an impact if it cannot be used to change information. An erroneous message sent to the NMS can cause network managers to act inappropriately in responding to an alarm or warning, so it is important that the information being received comes from valid managed devices.
STIG: WMAN Bridge
Date: 2011-10-07

Details

Check Text (C-3822r1_chk)
Interview the network administrators and examine configurations of managed nodes (routers, switches, etc.).
Fix Text (F-3235r2_fix)
Most network management systems (NMSs) default to a community sign-on name of public. This community name will be changed to something that is not easily guessed. It will be protected in the same way as any password is protected.
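
The configuration review in the check text can be partly automated. The script below is an added example, not part of the STIG: it assumes Cisco IOS-style `snmp-server community` lines (the page names no vendor syntax), treats "private" as a second well-known default alongside "public", and also flags a read community that is reused for write access. The function names and sample configuration are constructed for illustration.

```python
import re

# "public" is the default named on the page; "private" is the usual read-write default.
DEFAULT_COMMUNITIES = {"public", "private"}

# Assumed Cisco IOS-style syntax: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
LINE_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.IGNORECASE)


def parse_communities(config_text):
    """Return (community, access) tuples in file order; access is 'ro' or 'rw'."""
    found = []
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        access, skip = "ro", False  # no keyword is treated as read-only
        for tok in m.group(2).lower().split():
            if skip or tok == "view":
                skip = not skip  # step over the view name so it is not read as ro/rw
            elif tok in ("ro", "rw"):
                access = tok
        found.append((m.group(1), access))
    return found


def audit(config_text):
    """Return sorted findings as (community, access, reason) tuples."""
    entries = parse_communities(config_text)
    read_only = {c for c, a in entries if a == "ro"}
    findings = set()
    for community, access in entries:
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.add((community, access, "default community string"))
        if access == "rw" and community in read_only:
            findings.add((community, access, "read string also grants write"))
    return sorted(findings)


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community Xk7-vq2Lm9 RO 10
snmp-server community Xk7-vq2Lm9 RW 10
snmp-server community t4R-wz8Pd1 view mgmt RW 10
"""

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Because the findings contain the community strings themselves, the output should be protected in the same way as any password.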