Details

SNMP notifications can be sent as traps to authorized management systems.

Rationale:

If SNMP is enabled for device management and device alerts are required, then ensure the device is configured to submit traps only to authorize management systems.

Impact:

Organizations using SNMP should restrict sending SNMP messages only to explicitly named systems to reduce unauthorized access.

Solution

Configure authorized SNMP trap community string and restrict sending messages to authorized management systems.

hostname(config)#snmp-server host {ip_address} {trap_community_string} {notification-type}

Default Value:

A recipient is not specified to receive notifications.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3160https://workbench.cisecurity.org/files/3160https://workbench.cisecurity.org/files/3160

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.

References

• 800-53|SC-7(15)
• CSCv6|11.7
• CSCv7|11.7

Source

• Tenable.com/audits