The Nokia router must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a Federal Information Processing Standard (FIPS)-validated Keyed-Hash message authentication code.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-283780NOKI-ND-000700SV-283780r1203385_ruleCCI-001967medium
Description
Without authenticating devices, unidentified or unknown devices may be introduced, facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk. A local connection is any connection with a device communicating without the use of a network. A network connection is any connection with a device that communicates through a network (e.g., local area or wide area network or the internet). A remote connection is any connection with a device communicating through an external network (e.g., the internet). Because of the challenges of applying this requirement on a large scale, organizations are encouraged to apply the requirement only to the limited number (and type) of devices that truly need to support this capability.
STIGDate
Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide2026-06-15

Details

Check Text (C-283780r1203385_chk)

Review the Nokia router configuration to verify it authenticates SNMP messages using authentication with FIPS-compliant algorithms, as shown in the example below: - show system security user <user name> detail| match "auth proto" auth protocol : hmac-sha2-256 If the Nokia router is not configured to authenticate SNMP messages using authentication with FIPS-validated algorithms, this is a finding.

Fix Text (F-88250r1203384_fix)

Configure the Nokia router to authenticate SNMP messages using authentication with FIPS-compliant algorithms, as shown in the example below: - configure system security user <user name> snmp authentication hmac-sha2-256 <authentication key>