STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vSphere 8.0 ESXi Security Technical Implementation Guide

V-258767

CAT II (Medium)

The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.

Rule ID

SV-258767r933362_rule

STIG

VMware vSphere 8.0 ESXi Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.

Check Content

From an ESXi shell, run the following command:

# esxcli system snmp get

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHostSnmp | Select *

If SNMP is not in use and is enabled, this is a finding.

If SNMP is enabled and is not using v3 targets with authentication, this is a finding.

Note: SNMP v3 targets can only be viewed and configured via the "esxcli" command.

Fix Text

To disable SNMP from an ESXi shell, run the following command:

# esxcli system snmp set -e no

or

From a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false