
V-275488

CAT II (Medium)

The Riverbed NetIM must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).

Rule ID

SV-275488r1147514_rule

STIG

Riverbed NetIM NDM Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001967

Discussion

Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are of greater risk. The IP Detection Service tracks IP addresses (IPs) in the network and allows a user to query an IP address to determine the switch port to which a network device is connected. SNMP access to devices and a read-only community string (or equivalent SNMP v3 credentials) are required for the IP Detection Service to function. Community strings/credentials stored on NetIM are encrypted.

Check Content

Verify NetIM is configured to authenticate SNMP messages using a FIPS-validated HMAC.

1. In the GUI, navigate to Configure >> All Settings >> Discover >> Global Discovery Settings.
2. Click "SNMP v3 Credentials". 
3. In the Add SNMP v3 Credentials box, verify the following is configured:
    Security Level menu = AUTH_PRIV
    Auth Protocol = <protocol>

Where <protocol> is one of the following for Auth Protocol: HMAC192_SHA256, HMAC256_SHA384, or HMAC384_SHA512.

    Priv Protocol = <cipher_protocol>

Where <cipher_protocol> is one of the following for Priv Protocol: CFB_AES_192 or CFB_AES_256.

If SNMP messages are not authenticated using a FIPS-validated HMAC, this is a finding.

Fix Text

Configure NetIM to authenticate SNMP messages using a FIPS-validated HMAC.

1. In the GUI, navigate to Configure >> All Settings >> Discover >> Global Discovery Settings.
2. Click "SNMP v3 Credentials". 
3. In the Add SNMP v3 Credentials box, select the following:
    Security Level menu = AUTH_PRIV
    Auth Protocol = <protocol>

Where <protocol> is one of the following for Auth Protocol: HMAC192_SHA256, HMAC256_SHA384, or HMAC384_SHA512.

    Priv Protocol = <protocol>

Where <protocol> is one of the following for Priv Protocol: CFB_AES_192 or CFB_AES_256.

Note: FIPS compliance requires Version 2.10 or higher and an Ubuntu Pro license, both of which are covered in other CAT 1 requirements.
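
What the three Auth Protocol options in the Check Content and Fix Text compute, as an added illustration that is not part of the STIG or of Riverbed's code. It assumes the NetIM labels correspond to the RFC 7860 HMAC-SHA-2 authentication protocols for the SNMPv3 User-based Security Model, with RFC 3414 key localization; the password, engine ID and message bytes are constructed samples.

```python
import hashlib
import hmac

# Assumption: NetIM label -> (hash, truncated MAC length in octets) per RFC 7860.
AUTH_PROTOCOLS = {
    "HMAC192_SHA256": ("sha256", 24),
    "HMAC256_SHA384": ("sha384", 32),
    "HMAC384_SHA512": ("sha512", 48),
}

# Constructed sample values, not taken from any real device.
SAMPLE_PASSWORD = b"constructed-auth-passphrase"
SAMPLE_ENGINE_ID = bytes.fromhex("80001f8880aabbccdd00112233")
SAMPLE_MSG = b"constructed stand-in for a serialized SNMPv3 message"


def localize_key(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2 password-to-key with the SHA-2 hash substituted (RFC 7860)."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 octets long")
    # Ku: hash exactly 1,048,576 octets of the password repeated end to end.
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(hash_name, password * reps + password[:rem]).digest()
    # Kul: bind Ku to one authoritative engine, so each device gets its own key.
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def auth_params(key: bytes, whole_msg: bytes, protocol: str) -> bytes:
    """HMAC over the message, truncated to the protocol's MAC length.

    On the wire the sender computes this with the msgAuthenticationParameters
    field zero-filled, then writes the result into that field.
    """
    hash_name, mac_len = AUTH_PROTOCOLS[protocol]
    return hmac.new(key, whole_msg, hash_name).digest()[:mac_len]


def verify(key: bytes, whole_msg: bytes, received: bytes, protocol: str) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(auth_params(key, whole_msg, protocol), received)


if __name__ == "__main__":
    for name, (hash_name, mac_len) in AUTH_PROTOCOLS.items():
        key = localize_key(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID, hash_name)
        mac = auth_params(key, SAMPLE_MSG, name)
        print(name, mac_len * 8, "bit MAC:", mac.hex())
```

FIPS validation is a property of the cryptographic module that runs these algorithms, so this sketch shows the computation only and says nothing about whether a given Python build is validated.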