1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'

Information

Sets the SNMP v3 user with SHA authentication and AES-256 encryption.

Rationale:

SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, and AES (which is available in 128, 192, and 256 versions).

It is recommended to use the SHA algorithm for authentication and AES-256 for encryption.

Solution

Run the following:

hostname(config)#snmp-server user <snmp_username> <group-name> v3 auth SHA <authentication_password> priv AES 256 <encryption_password>
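
To verify the setting after applying it, the following added example (not part of the benchmark or of the audit plugin) checks each 'snmp-server user' line of a saved configuration against the recommendation. The function name, the sample lines, and the assumption that the stored configuration may show lowercase keywords plus optional 'engineID <id>' and 'encrypted' tokens are illustrative.

```python
import re

# Constructed sample lines in the style of a saved configuration (not from the page).
SAMPLE_CONFIG = """\
snmp-server group AuthPrivGroup v3 priv
snmp-server user monitor1 AuthPrivGroup v3 encrypted auth sha 8a:1f priv aes 256 3c:9d
snmp-server user legacy1 AuthPrivGroup v3 encrypted auth md5 aa:bb priv des cc:dd
snmp-server user nopriv1 AuthGroup v3 auth SHA Passw0rdExample
snmp-server user weakaes AuthPrivGroup v3 auth sha Passw0rdExample priv aes 128 Passw0rdExample
snmp-server host inside 192.0.2.10 version 3 monitor1
"""

# Positional parse, so a password that happens to be "auth" or "priv" is not
# mistaken for a keyword. 'engineID' and 'encrypted' are assumed optional tokens.
USER_RE = re.compile(
    r"^\s*snmp-server\s+user\s+(?P<user>\S+)\s+(?P<group>\S+)\s+(?P<ver>\S+)"
    r"(?:\s+engineID\s+\S+)?(?:\s+encrypted)?"
    r"(?:\s+auth\s+(?P<auth>\S+)\s+\S+)?"
    r"(?:\s+priv\s+(?P<priv>\S+)(?:\s+(?P<bits>128|192|256))?\s+\S+)?\s*$",
    re.IGNORECASE,
)

def audit_snmp_users(config_text):
    """Return {username: [findings]}; an empty list means the line complies."""
    results = {}
    for line in config_text.splitlines():
        if not re.match(r"\s*snmp-server\s+user\s", line, re.IGNORECASE):
            continue  # groups, hosts and unrelated lines are out of scope
        m = USER_RE.match(line)
        if not m:
            results[line.strip()] = ["unrecognised syntax, review manually"]
            continue
        findings = []
        if m["ver"].lower() != "v3":
            findings.append(f"version is {m['ver']}, expected v3")
        if (m["auth"] or "").lower() != "sha":
            findings.append(f"auth is {m['auth'] or 'absent'}, expected SHA")
        if (m["priv"] or "").lower() != "aes" or m["bits"] != "256":
            seen = " ".join(filter(None, [m["priv"], m["bits"]])) or "absent"
            findings.append(f"priv is {seen}, expected AES 256")
        results[m["user"]] = findings
    return results

if __name__ == "__main__":
    for user, findings in audit_snmp_users(SAMPLE_CONFIG).items():
        print(user, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

A user with no 'priv' clause, or with AES at 128 or 192 bits, is reported as a failure because the recommendation names AES-256 specifically.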

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|11.1

Plugin: Cisco

Control ID: 036a436bcde8ee55962f952a1ec6e451bcefd7a6be3463be188520d1f0953340