1.5.3 Do not set 'RW' for any 'snmp-server community'

Information

Specifies read-write access. Authorized management stations can both retrieve and modify MIB objects.

Enabling SNMP read-write enables remote management of the device. Unless absolutely necessary, do not allow simple network management protocol (SNMP) write access.

Solution

Disable SNMP write access.

IOSXR(config)#no snmp-server community {community_string}

Impact:

To reduce the risk of unauthorized access, Organizations should disable the SNMP 'write' access for snmp-server community.

See Also

https://workbench.cisecurity.org/benchmarks/10473

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CA-9, 800-53|SC-7, 800-53|SC-7(5), CSCv7|9.2

Plugin: Cisco

Control ID: 815c471fcfb3e5e86f969fc4dfe49a59b44802885a4bb617cc6450397d386702