1.11.3 Ensure 'snmp-server host' is set to 'version 3'

Information

Sets the SNMP notification recipient or the NMS or SNMP manager that can connect to the ASA.

Rationale:

An SNMP host is an IP address to which SNMP notifications and traps are sent or which can send requests (polling) to the security appliance. To configure SNMP Version 3 hosts, along with the target IP address, the SNMP username must be provided, because traps are only sent to a configured user. It is an additional access control.

Solution

Run the following to configure the SNMP v3 host

hostname(config)# snmp-server host <interface_name> <host_ip_address> version 3 <snmp_user>

See Also

https://workbench.cisecurity.org/files/3294

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: d97139bb20c7cc614b3e0e2d4060593031a22101a7d1e0766fc5eb39f4705a28