GEN005306 - SNMP service must require a FIPS 140-2 approved hash algorithm as part of its authentication and integrity methods

Information

The SNMP service must use SHA-1 or a FIPS 140-2 approved successor for authentication and integrity.

Solution

Edit the /etc/snmpdv3.conf file. Change any instances of the HMAC-MD5 authentication protocol in USM_USER entries to HMAC-SHA. For all changed USM_USER entries, regenerate authentication keys using the 'pwtokey' command and replace the keys in the /etc/snmpdv3.conf file.
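A check for the condition described above, as an added example that is not part of the original audit item: it lists the USM_USER entries in an snmpdv3.conf file that still name HMAC-MD5. It assumes whitespace-separated entries with the user name as the second field and '#' comment lines; the function names, the sample file and its keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: report USM_USER entries that still use HMAC-MD5.
# Assumptions: entries are whitespace-separated, begin with the keyword
# USM_USER, carry the user name in field 2, and '#' starts a comment line.

# Prints "<line>:<user>" for each offending entry.
# Returns 0 if none found, 1 if any found, 2 if the file is unreadable.
find_md5_usm_users() {
    conf="${1:-/etc/snmpdv3.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out entries
        $1 == "USM_USER" {
            # Scan the fields after the user name so the check does not
            # depend on the exact position of the authentication protocol.
            for (i = 3; i <= NF; i++)
                if ($i == "HMAC-MD5") {
                    printf "%d:%s\n", NR, $2
                    bad = 1
                    break
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$conf"
}

# Writes a constructed sample configuration; keys are placeholders only.
write_sample_conf() {
    cat > "$1" <<'EOF'
# Constructed sample; keys are placeholders, not real key material
USM_USER monitor - HMAC-SHA 0000000000000000000000000000000000000000 - - L -
USM_USER legacy - HMAC-MD5 00000000000000000000000000000000 DES 00000000000000000000000000000000 L -
#USM_USER retired - HMAC-MD5 00000000000000000000000000000000 - - L -
VACM_GROUP group1 USM monitor -
EOF
}

# Demo on the constructed sample (prints 3:legacy).
tmp=$(mktemp) && write_sample_conf "$tmp"
find_md5_usm_users "$tmp" || echo "entries listed above still use HMAC-MD5"
rm -f "$tmp"
```

Run `find_md5_usm_users /etc/snmpdv3.conf` before and after the edit; every user it lists needs its authentication key regenerated with 'pwtokey' once the protocol is changed to HMAC-SHA.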

See Also

http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-001453, Rule-ID|SV-38890r1_rule, STIG-ID|GEN005306, Vuln-ID|V-22448

Plugin: Unix

Control ID: a171271c64ddb00d2a15a105e6b7219f50591d8de9d09cb9c2d318b940279114