STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide

V-237820

CAT II (Medium)

SNMP must be changed from default settings and must be configured on the storage system to provide alerts of critical events that impact system security.

Rule ID

SV-237820r647869_rule

STIG

HPE 3PAR StoreServ 3.2.x Security Technical Implementation Guide

Version

V2R1

CCIs

CCI-000139CCI-000366CCI-001858

Discussion

Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. If the service is running with the default authenticators, anyone can gather data about the system and the network(s) and use the information to potentially compromise the integrity of the system or network(s). The product must be configured to alert administrators when events occur that may impact system operation or security. The alerting mechanism must support secured options and configurations that can be audited. Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000480-GPOS-00227, SRG-OS-000344-GPOS-00135

Check Content

Verify a SNMPv3 user account is configured. Run the following command:

cli% showsnmpuser
Username | AuthProtocol | PrivProtocol
3parsnmpuser | HMAC SHA 96 | CFB128 AES 128

If the output is not displayed in the above format, this is a finding.

Identify the SNMP trap recipient and report SNMP configuration with the following command:

cli% showsnmpmgr
HostIP | Port | SNMPVersion | User
<snmp trap recipient IP> | 162 | 3 | 3parsnmpuser

If the SNMP trap recipient IP address is incorrect, this is a finding.
If the SNMP port is not "162", this is a finding.
If the SNMP version is not "3", this is a finding.
If the SNMP user ID is incorrect, this is a finding.

Generate a test trap:
cli% checksnmp

Trap sent to the following managers:
< IP address of trap recipient>

If the response does not indicate a trap was successfully sent, this is a finding.

Fix Text

To configure SNMPv3 alert notifications, use this sequence of operations to create and enable an SNMPv3 user, and create associated keys for authentication and privacy:

First, create the "3parsnmpuser" on the host with the following command:

cli% createuser 3parsnmpuser all browse

Enter the password and retype the password to confirm.

Next, create the snmp user and associate that with the "3parsnmpuser" account on the host.

cli% createsnmpuser 3parsnmpuser

Enter the password and retype the password to confirm. 

Finally, add the IP address of the SNMPv3 trap recipient, where the permissions of the account are used:

cli% addsnmpmgr -pw <password> -version 3 -snmpuser 3parsnmpuser <ip address>