| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-215842 | CAT II | MONTPOINTGTWYRTR | Cisco IOS XE Router NDM Security Technic... | The Cisco router must be configured to encrypt SNM... | - | |||
Check TextReview the Cisco router configuration to verify that it is compliant with this requirement as shown in the example below. snmp-server group V3GROUP v3 priv read V3READ write V3WRITE snmp-server view V3READ iso included snmp-server view V3WRITE iso included snmp-server host x.x.x.x version 3 auth V3USER Encryption used by the SNMP users can be viewed via the show snmp user command as shown in the example below. R4#show snmp user User name: V3USER Engine ID: 800000090300C2042B540000 storage-type: nonvolatile active Authentication Protocol: SHA Privacy Protocol: AES256 Group-name: V3GROUP If the Cisco router is not configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm, this is a finding. Fix TextConfigure the Cisco router to encrypt SNMP messages using a FIPS 140-2 approved algorithm as shown in the example below. R4(config)#snmp-server group V3GROUP v3 priv read V3READ write V3WRITE R4(config)#snmp-server user V3USER V3GROUP v3 auth sha xxxxxx priv aes 256 xxxxxx Finding DetailsEvaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 1DB45E772E2D5C909D9677E4B1376C0A674A7D4B ~~~~~ Requires information not provided by show tech or show running configuration file CommentsMONTPOINTGTWYRTR#show snmp user %SNMP agent not enabled MONTPOINTGTWYRTR#
Source: _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl
Scan Date: 2026-01-14T12:57:25.013310
Technology Area: Internal Network
|
||||||||