STIGQter STIGQter: STIG Summary: HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 28 Jul 2017:

The SNMP service on the storage system must require the use of a FIPS 140-2 approved cryptographic hash algorithm as part of its authentication and integrity methods.

DISA Rule

SV-85119r1_rule

Vulnerability Number

V-70497

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

HP3P-32-001305

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the storage system to use AES encryption for SNMPv3 by entering the command:

cli% setsnmpmgr -snmpuser 3parsnmpuser -pw <password> -version 3 <IP address of SNMP manager>

Check Contents

Verify that SNMP encryption uses AES by entering the following command:

cli% showsnmpuser
Username AuthProtocol PrivProtocol
3parsnmpuser HMAC-SHA-96 CFB128-AES-128

If the PrivProtocol in the result is not AES, this is a finding.

Vulnerability Number

V-70497

Documentable

False

Rule Version

HP3P-32-001305

Severity Override Guidance

Verify that SNMP encryption uses AES by entering the following command:

cli% showsnmpuser
Username AuthProtocol PrivProtocol
3parsnmpuser HMAC-SHA-96 CFB128-AES-128

If the PrivProtocol in the result is not AES, this is a finding.

Check Content Reference

M

Target Key

3013

Comments