STIGQter STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

SNMP is not being used in accordance with the Network Infrastructure STIG.

DISA Rule

SV-18877r1_rule

Vulnerability Number

V-17703

Group Title

RTS-VTC 3140.00 [IP]

Rule Version

RTS-VTC 3140.00

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

[IP]; Perform the following tasks:
If SNMP is used to monitor or remotely control/manage/configure a VTC system/device, implement and configure SNMP in compliance with the applicable SNMP requirements found in the Network Infrastructure STIG.

Check Contents

[IP]; Interview the IAO and validate compliance with the following requirement:

If SNMP is used to monitor or remotely control/manage/configure a VTC system/device, ensure the use of SNMP is performed in compliance with the applicable SNMP requirements found in the Network Infrastructure STIG.

This is a finding if SNMP is not being used in accordance with the Network Infrastructure STIG.

Note: During APL testing, this is a finding in the event SNMP configuration cannot come into compliance with the Network Infrastructure STIG.

Vulnerability Number

V-17703

Documentable

False

Rule Version

RTS-VTC 3140.00

Severity Override Guidance

[IP]; Interview the IAO and validate compliance with the following requirement:

If SNMP is used to monitor or remotely control/manage/configure a VTC system/device, ensure the use of SNMP is performed in compliance with the applicable SNMP requirements found in the Network Infrastructure STIG.

This is a finding if SNMP is not being used in accordance with the Network Infrastructure STIG.

Note: During APL testing, this is a finding in the event SNMP configuration cannot come into compliance with the Network Infrastructure STIG.

Check Content Reference

I

Potential Impact

Improperly configured SNMP monitoring and management protocols used to monitor or control/manage/configure a VTC system/device could lead to the disclosure of sensitive or classified information to individuals that may not have an appropriate need-to-know or proper security clearance.

Responsibility

Information Assurance Officer

Target Key

1418

Comments