For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA to protect the integrity of maintenance and diagnostic communications.
DISA Rule
SV-223224r513361_rule
Vulnerability Number
V-223224
Group Title
SRG-APP-000411-NDM-000330
Rule Version
JUSX-DM-000146
Severity
CAT I
CCI(s)
- CCI-002890 - The information system implements cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
Weight
10
Fix Recommendation
Configure SNMP to use version 3 with SHA authentication.
[edit]
set snmp v3 usm local-engine user <NAME> authentication-sha
Check Contents
Verify SNMP is configured for version 3.
[edit]
show snmp v3
If SNMP is not configured for version 3 using SHA, this is a finding.
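One way to automate the check above, as an added example that is not part of the STIG or of Juniper's tooling: the script parses `show snmp v3` output in curly-brace form and reports every USM user that does not authenticate with SHA. The sample output, user names and key placeholders are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `show snmp v3` output (configuration mode);
# user names and key strings are placeholders, not values from the STIG.
SAMPLE = '''
usm {
    local-engine {
        user nms-sha {
            authentication-sha {
                authentication-key "$9$PLACEHOLDER"; ## SECRET-DATA
            }
        }
        user nms-md5 {
            authentication-md5 {
                authentication-key "$9$PLACEHOLDER"; ## SECRET-DATA
            }
        }
        user nms-open {
            authentication-none;
        }
    }
}
'''

def usm_users(text):
    """Map each USM user to the authentication-* statements directly under it."""
    users, current, depth, user_depth = {}, None, 0, 0
    for raw in text.splitlines():
        # Drop quoted key material and trailing ## annotations before matching.
        line = re.sub(r'"[^"]*"', "", raw).split("##")[0].strip()
        m = re.match(r"user\s+(\S+)\s*\{$", line)
        if m and current is None:
            current, user_depth = m.group(1), depth
            users[current] = []
        elif current and depth == user_depth + 1 and (
                a := re.match(r"(authentication-[\w-]+)\s*[{;]", line)):
            users[current].append(a.group(1))
        depth += line.count("{") - line.count("}")
        if current is not None and depth <= user_depth:
            current = None  # closing brace of the user stanza
    return users

def findings(text):
    """Return finding strings; an empty list means the check passes."""
    users = usm_users(text)
    if not users:
        return ["no SNMPv3 USM user configured"]
    # Assumption: any statement starting "authentication-sha" counts as SHA.
    return [f"user {n}: {', '.join(a) or 'no authentication statement'}"
            for n, a in users.items()
            if not any(s.startswith("authentication-sha") for s in a)]
```

Calling `findings(SAMPLE)` flags the two constructed users that use MD5 or no authentication; a device with no USM users at all is also reported.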
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
4098
Comments