STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Juniper SRX Services Gateway NDM Security Technical Implementation Guide

V-223224

CAT I (High)

For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA256 or higher to protect the integrity of maintenance and diagnostic communications.

Rule ID

SV-223224r1056178_rule

STIG

Juniper SRX Services Gateway NDM Security Technical Implementation Guide

Version

V3R3

CCIs

CCI-002890

Discussion

Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Nonlocal maintenance and diagnostic activities are activities conducted by individuals communicating through an external network (e.g., the internet) or internal network. The Juniper SRX allows the use of SNMP to monitor or query the device in support of diagnostic information. SNMP cannot be used to make configuration changes; however, it is a valuable diagnostic tool. SNMP is disabled by default and must be enabled for use. SNMPv3 is the DOD-required version but must be configured to be used securely.

Check Content

Verify SNMP is configured for version 3.

[edit]
show snmp v3
 
If SNMPv3 is not configured for version 3 using SHA256 or higher, this is a finding.

Fix Text

Configure snmp to use version 3 with SHA256 authentication.

[edit]
set snmp v3 usm local-engine user <NAME> authentication-sha256