All in-band sessions to the NMS must be secured using FIPS 140-2 approved encryption and hashing algorithms.

From Network Devices Security Technical Implementation Guide

Part of In-band access to the NMS is not encrypted.

Associated with IA controls: ECNK-1, ECSC-1

SV-4613r2_rule All in-band sessions to the NMS must be secured using FIPS 140-2 approved encryption and hashing algorithms.

Vulnerability discussion

Without the use of FIPS 140-2 encryption to in-band management connections, unauthorized users may gain access to the NMS enabling them to change device configurations and SNMP variables that can cause disruptions and even denial of service conditions.

Check content

Inspect the NMS configuration to validate in-band management access is using an approved FIPS 140-2 encryption and hashing algorithm.

Fix text

Implement and configure an approved FIPs 140-2 encryption and hashing algorithm for in-band management to the NMS.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.