Back

Configure Simple Network Management Protocol (SNMP) to organizational standards.


CONTROL ID
12423
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Establish access requirements for SNMP community strings., CC ID: 16357
  • Configure Simple Network Management Protocol to enable authentication and privacy., CC ID: 12427
  • Change the community string for Simple Network Management Protocol, as necessary., CC ID: 01872
  • Use different SNMP community strings across devices to support least privilege., CC ID: 17053


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, June 2023)
  • SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, June 2024)
  • SNMP version 1 and SNMP version 2 are not used on networks. (Control: ISM-1311; Revision: 3, Australian Government Information Security Manual, September 2023)
  • Ensure SNMP is blocked at all external interfaces. (ROUTER SECURITY SECURING ROUTER PLANES: Simple Network Management Protocol (SNMP) Service: ¶ 2, Guideline 662G1: Systems Security, 662G1-00)
  • Ensure SNMP is only enabled in the read mode; Read/Write is not enabled unless approved and documented by the IAO/NSO. (ROUTER SECURITY SECURING ROUTER PLANES: Simple Network Management Protocol (SNMP) Service: ¶ 3, Guideline 662G1: Systems Security, 662G1-00)
  • Configure unique hard to guess SNMP community string, and rotate periodically. Ensure the default SNMP community strings (e.g., “public” and “private”) are changed prior to placing the system into service. Ensure SNMP community strings are managed like passwords. (VIDEO CONFERENCING SECURITY ¶ 4 Bullet 6, Guideline 662G1: Systems Security, 662G1-00)
  • Ensure the SNMP Version 3 Security Model (both MD5 packet authentication and encryption of the protocol data unit) is used across the entire network infrastructure. (ROUTER SECURITY DEVICE MANAGEMENT: Simple Network Management Protocol (SNMP): ¶ 2, Guideline 662G1: Systems Security, 662G1-00)
  • Administration and network management of WLAN infrastructure equipment requires strong authentication and encryption of all communication. If an organization uses Simple Network Management Protocol (SNMP) to manage its equipment, it shall use SNMPv3. Use SSL/TLS or an equivalent protection (e.g., IP… (INITIATION ¶ 3, Standard 643S1: Wireless Networks, 643S1-00)