Configure Simple Network Management Protocol (SNMP) to organizational standards.
CONTROL ID 12423
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Establish access requirements for SNMP community strings., CC ID: 16357
Configure Simple Network Management Protocol to enable authentication and privacy., CC ID: 12427
Change the community string for Simple Network Management Protocol, as necessary., CC ID: 01872
Use different SNMP community strings across devices to support least privilege., CC ID: 17053
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, June 2023)
SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, June 2024)
SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, September 2023)
Ensure SNMP is blocked at all external interfaces. (ROUTER SECURITY SECURING ROUTER PLANES: Simple Network Management Protocol (SNMP) Service: ¶ 2, Guideline 662G1: Systems Security, 662G1-00)
Ensure SNMP is only enabled in the read mode; Read/Write is not enabled unless approved and documented by the IAO/NSO. (ROUTER SECURITY SECURING ROUTER PLANES: Simple Network Management Protocol (SNMP) Service: ¶ 3, Guideline 662G1: Systems Security, 662G1-00)
Configure unique hard to guess SNMP community string, and rotate periodically. Ensure the default SNMP community strings (e.g., âpublicâ and âprivateâ) are changed prior to placing the system into service. Ensure SNMP community strings are managed like passwords. (VIDEO CONFERENCING SECURITY ¶ 4 Bullet 6, Guideline 662G1: Systems Security, 662G1-00)
Ensure the SNMP Version 3 Security Model (both MD5 packet authentication and encryption of the protocol data unit) is used across the entire network infrastructure. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 2, Guideline 662G1: Systems Security, 662G1-00)
Administration and network management of WLAN infrastructure equipment requires strong authentication and encryption of all communication. If an organization uses Simple Network Management Protocol (SNMP) to manage its equipment, it shall use SNMPv3. Use SSL/TLS or an equivalent protection (e.g., IP… (INITIATION ¶ 3, Standard 643S1: Wireless Networks, 643S1-00)