
V-256414

CAT II (Medium)

Simple Network Management Protocol (SNMP) must be configured properly on the ESXi host.

Rule ID

SV-256414r959010_rule

STIG

VMware vSphere 7.0 ESXi Security Technical Implementation Guide

Version

V1R4

CCIs

CCI-000366

Discussion

If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.

Check Content

From an ESXi shell, run the following command:

# esxcli system snmp get

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHostSnmp | Select *

If SNMP is not in use and is enabled, this is a finding.

If SNMP is enabled and read-only communities are set to "public", this is a finding.

If SNMP is enabled and is not using v3 targets, this is a finding.

Note: SNMP v3 targets can only be viewed and configured via the "esxcli" command.
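
The three finding conditions above can be evaluated mechanically against saved "esxcli system snmp get" output. The following is an added example, not part of the STIG text or of any VMware tooling. The function name snmp_findings and the sample output are constructed for illustration, the field names Enable, Communities and V3targets are assumed from typical ESXi 7.0 output, and "not using v3 targets" is interpreted as an empty V3targets field.

```shell
#!/bin/sh
# Added example. Field names (Enable, Communities, V3targets) are assumed from
# typical ESXi 7.0 "esxcli system snmp get" output; confirm them on your host.

# usage: esxcli system snmp get | snmp_findings <snmp_in_use: yes|no>
# Prints one line per finding. Status: 0 = none, 1 = finding(s), 2 = unparsed.
snmp_findings() {
    awk -v in_use="$1" '
        {   # split "Key: value" on the first colon, trim both sides
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            f[tolower(k)] = v
        }
        END {
            # never report "clean" on empty or failed command output
            if (!("enable" in f)) { print "ERROR: no Enable field found"; exit 2 }
            if (tolower(f["enable"]) != "true") exit 0    # SNMP disabled
            n = 0
            if (in_use != "yes") { print "FINDING: SNMP is enabled but not in use"; n++ }
            m = split(f["communities"], c, /[ \t]*,[ \t]*/)
            for (j = 1; j <= m; j++)
                if (tolower(c[j]) == "public") {
                    print "FINDING: read-only community \"public\" is set"; n++; break
                }
            if (f["v3targets"] == "") { print "FINDING: no SNMP v3 targets are configured"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_WEAK='   Communities: public
   Enable: true
   Port: 161
   V3targets: '
SAMPLE_V3='   Communities: 
   Enable: true
   Port: 161
   V3targets: 192.0.2.10@162 snmpuser priv trap'

printf '%s\n' "$SAMPLE_WEAK" | snmp_findings no || true
printf '%s\n' "$SAMPLE_V3" | snmp_findings yes && echo "no findings"
```

Exit status 2 separates "the command output could not be parsed" from "no findings", so a failed or empty esxcli call is not recorded as compliant.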

Fix Text

To disable SNMP from an ESXi shell, run the following command:

# esxcli system snmp set -e no

or

From a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false

To configure SNMP for v3 targets, use the "esxcli system snmp set" command set locally on the host or remotely via PowerCLI.