Ensure 'snmp-server group' is set to 'v3 priv'

Information

Sets the SNMP v3 group to use authentication and privacy.

Rationale:

SNMP Version 3 provides security enhancements that are not available in SNMP Version 1 or SNMP Version 2c. SNMP Versions 1 and 2c transmit data between the SNMP server and SNMP agent in clear text. SNMP Version 3 adds authentication and privacy options to secure protocol operations.

For configuration purposes, the authentication and privacy options are grouped together into security models. Security models apply to users and groups, and are divided into the following three types:
* NoAuthPriv: No Authentication and No Privacy, which means that no security is applied to messages.
* AuthNoPriv: Authentication but No Privacy, which means that messages are authenticated.
* AuthPriv: Authentication and Privacy, which means that messages are authenticated and encrypted.

It is recommended that packets be authenticated and encrypted.
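The following added example (not part of the original audit item or of Cisco's tooling) shows one way to check a saved running configuration for groups that fall short of `v3 priv`. It assumes the ASA-style line format `snmp-server group <name> v3 {noauth | auth | priv}`; the sample configuration and group names are constructed, and treating a config with no group line as a finding is a choice made for this example.

```python
import re

# Assumed running-config syntax (ASA/FTD-style CLI):
#   snmp-server group <name> v3 {noauth | auth | priv}
GROUP_RE = re.compile(r"^\s*snmp-server\s+group\s+(\S+)\s+(\S+)(?:\s+(\S+))?", re.I)

# CLI keyword -> security model name as used in the rationale above.
LEVELS = {"noauth": "NoAuthPriv", "auth": "AuthNoPriv", "priv": "AuthPriv"}

# Constructed sample input, not taken from a real device.
SAMPLE = """\
snmp-server group NMS-PRIV v3 priv
snmp-server group NMS-AUTH v3 auth
snmp-server group LEGACY v3 noauth
snmp-server location lab
"""


def audit_snmp_groups(running_config):
    """Return (compliant, findings); each finding is (line_no, group, reason)."""
    findings = []
    groups = 0
    for lineno, line in enumerate(running_config.splitlines(), 1):
        m = GROUP_RE.match(line)
        if not m:
            continue
        groups += 1
        name = m.group(1)
        version = m.group(2).lower()
        level = (m.group(3) or "").lower()
        if version != "v3":
            findings.append((lineno, name, f"version {version}, not v3"))
        elif level != "priv":
            model = LEVELS.get(level, "unknown level")
            findings.append((lineno, name, f"{model}: messages are not encrypted"))
    if groups == 0:
        # Example policy choice: no group configured means the control is not met.
        findings.append((0, "-", "no 'snmp-server group' line found"))
    return (not findings, findings)


if __name__ == "__main__":
    ok, issues = audit_snmp_groups(SAMPLE)
    print("PASSED" if ok else "FAILED")
    for lineno, name, reason in issues:
        print(f"  line {lineno}: group {name}: {reason}")
```
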

Solution

Firepower Management Center:

Devices > Platform settings > SNMP

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(3)

Plugin: Cisco_Firepower

Control ID: 4a251fbb51b71ccd242f5fb1dd0225bfd725b8dcd9e4ca25f36b4af803d0cfe2