1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'

Information

Sets the SNMP v3 group with authentication and privacy.

Rationale:

SNMP Version 3 provides security enhancements that are not available in SNMP Version 1 or SNMP Version 2c. SNMP Versions 1 and 2c transmit data between the SNMP server and SNMP agent in clear text. SNMP Version 3 adds authentication and privacy options to secure protocol operations.

For configuration purposes, the authentication and privacy options are grouped together into security models. Security models apply to users and groups, and are divided into the following three types:

- NoAuthPriv: No Authentication and No Privacy, which means that no security is applied to messages.

- AuthNoPriv: Authentication but No Privacy, which means that messages are authenticated.

- AuthPriv: Authentication and Privacy, which means that messages are authenticated and encrypted.

It is recommended that packets be both authenticated and encrypted.

Solution

Run the following to configure the SNMP v3 group.

hostname(config)# snmp-server group <group_name> v3 priv
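
The following is an added example, not part of the benchmark or the plugin: a Python check that reads a saved running-config and reports any SNMP v3 group not set to 'priv'. The sample configuration and its group names are constructed, and treating a configuration with no 'snmp-server group' line as non-compliant is an assumption of this example.

```python
import re

# Constructed running-config excerpt; host and group names are made up.
SAMPLE_CONFIG = """\
hostname asa-lab
snmp-server group NMS-PRIV v3 priv
snmp-server group NMS-AUTH v3 auth
snmp-server group LEGACY v3 noauth
snmp-server location rack-12
"""

# ASA security-level keyword -> security model named in the rationale.
MODEL = {"noauth": "NoAuthPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}

# Matches: snmp-server group <group_name> v3 {priv | auth | noauth}
GROUP_RE = re.compile(
    r"^\s*snmp-server\s+group\s+(\S+)\s+v3\s+(priv|auth|noauth)\b",
    re.MULTILINE | re.IGNORECASE,
)


def audit_snmp_groups(config):
    """Return (compliant, weak_groups) for a running-config string.

    weak_groups lists (group_name, keyword, security_model) for every
    group that is not 'v3 priv'. Assumption of this example: a config
    with no SNMP v3 group at all is reported as non-compliant, because
    the expected 'v3 priv' line is absent.
    """
    groups = [(m.group(1), m.group(2).lower()) for m in GROUP_RE.finditer(config)]
    weak = [(name, level, MODEL[level]) for name, level in groups if level != "priv"]
    compliant = bool(groups) and not weak
    return compliant, weak


if __name__ == "__main__":
    ok, weak = audit_snmp_groups(SAMPLE_CONFIG)
    print("PASSED" if ok else "FAILED")
    for name, level, model in weak:
        print(f"  group {name}: 'v3 {level}' ({model}), expected 'v3 priv'")
```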

See Also

https://workbench.cisecurity.org/files/3246

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6

Plugin: Cisco

Control ID: a7c6f7ca6980242e2ab2e18e7160e24bb94ce60b89edc4e11f657ba5d21deb3e