Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Resources
Documents
Publishers
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Juniper SRX Services Gateway NDM Security Technical Implementation Guide
SRG-APP-000142-NDM-000245
SRG-APP-000142-NDM-000245
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000142-NDM-000245
1 Rule
The Juniper SRX Services Gateway must use and securely configure SNMPv3 if SNMP is enabled.
High Severity
To prevent nonsecure protocol communications with the organization's local SNMPv3 services, the SNMP client on the Juniper SRX must be configured for proper identification and strong cryptographically based protocol for authentication. SNMPv3 defines a user-based security model (USM) and a view-based access control model (VACM). SNMPv3 USM provides data integrity, data origin authentication, message replay protection, and protection against disclosure of the message payload. SNMPv3 VACM provides access control to determine whether a specific type of access (read or write) to the management information is allowed. The Junos operating system allows the use of SNMPv3 to monitor or query the device for management purposes. Junos does not allow SNMPv3, of any type, to be used to make configuration changes to the device. SNMPv3 is disabled by default and must be enabled for use. SNMPv3 is the DOD-preferred method for monitoring the device securely. If SNMPv3 is not being used, it must be disabled. The commands in the Fix Text will configure SNMPv3. The Junos operating system allows the use of FIPS 140-2/140-3 validated protocols for secure connections.