Rule ID
SV-237435r961506_rule
Version
V1R2
CCIs
SNMP Versions 1 and 2 do not use a FIPS-validated Keyed-Hash message Authentication Code (HMAC). SCOM has the capability of monitoring all versions of SNMP. As such, SNMP 1 and 2 monitoring should only be done if the device being monitored does not support SNMP V3.
From the SCOM Console, select the Administration workspace. Navigate to Run As Configuration and select Accounts. Review all of the listed Accounts. If any account is listed under the "Community String" type, this is a finding.
Create SNMP V3 Run As accounts and use these to monitor network devices: Note that for this to work, SNMP V3 must be set up on the network device being monitored and some of the configuration info for this account must be obtained from that device. From the SCOM Operations Console, select the Administration workspace, expand Run As Configuration, and select Accounts. Right-click and choose "Create Run As accounts". Click "Next" at the first screen and in the Run As account type, choose SNMP V3 account. Give it an appropriate display name and complete the wizard supplying the relevant information from the monitored network device(s).