STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must use SNMPv3.

DISA Rule

SV-79655r1_rule

Vulnerability Number

V-65165

Group Title

SRG-APP-000395-NDM-000310

Rule Version

WSDP-NM-000112

Severity

CAT I

CCI(s)

CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

Fix Recommendation

The browser, SSH, and XML Management network interfaces are set to SSL/TLS and require authentication by default. For SNMP, go to Administration >> Access >> SNMP Settings. Set SNMP v3 Security Level to Authenticate. Create one or more new SNMPv3 users that employ Authentication (may be password or key). Network transport for SNMP uses TLS by default.

Check Contents

For SNMP, go to Administration >> Access >> SNMP Settings. Ensure the SNMP v3 Security Level is set to Authenticate. If it is not, this is a finding.

Vulnerability Number

V-65165

Documentable

False

Rule Version

WSDP-NM-000112

Severity Override Guidance

For SNMP, go to Administration >> Access >> SNMP Settings. Ensure the SNMP v3 Security Level is set to Authenticate. If it is not, this is a finding.

Check Content Reference

Target Key

2861

The DataPower Gateway must use SNMPv3.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments