Free DISA STIG and SRG Library | Vaulted

V-70497

The SNMP service on the storage system must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.

Finding ID
HP3P-32-001305
Rule ID
SV-85119r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000480-GPOS-00227
CCI
CCI-000366
Target Key
(None)
Documentable
No
Discussion

The SNMP service must use AES or a FIPS 140-2 approved successor algorithm for protecting the privacy of communications.

Fix Text

Configure the storage system to use AES encryption for SNMPv3 by entering the command: cli% setsnmpmgr -snmpuser 3parsnmpuser -pw <password> -version 3 <IP address of SNMP manager>

Check Content

Verify that SNMP encryption uses AES by entering the following command: cli% showsnmpuser Username AuthProtocol PrivProtocol 3parsnmpuser HMAC-SHA-96 CFB128-AES-128 If the PrivProtocol in the result is not AES, this is a finding.