UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The administrator must ensure SNMP is blocked at all external interfaces. SNMP Access is permitted for enterprise mapping capabilities as directed by CTO 09-011.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3022 NET0892 SV-3022r1_rule ECSC-1 Medium
Description
SNMP information can be used to trace the network and reveal networks topology that could enable malicious users to gain access to network devices.
STIG Date
Perimeter Router Security Technical Implementation Guide 2015-07-01

Details

Check Text ( C-3938r1_chk )
NIPRNet - Review the ingress filter and verify SNMP has been restricted. SNMP operates on the TCP/UDP port 161.

SIPRNet - Review Communications Tasking Order (CTO) 09-011. Then apply filtering policy.
Fix Text (F-3047r1_fix)
The administrator will change the router configuration to block SNMP traffic at the perimeter.