STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

V-284884

CAT I (High)

The Cisco SNA appliance must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

Rule ID

SV-284884r1212060_rule

STIG

Cisco Secure Network Analytics (SNA) Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000382

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems. Network devices are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizational operations. Additionally, it is sometimes convenient to provide multiple services from a single component (e.g., email and web services); however, doing so increases risk over limiting the services provided by any one component. To support the requirements and principles of least functionality, the network device must support the organizational requirements providing only essential capabilities and limiting the use of ports, protocols, and/or services to only those required, authorized, and approved. Some network devices have capabilities enabled by default; if these capabilities are not necessary, they must be disabled. If a particular capability is used, then it must be documented and approved.

Check Content

Review the Cisco SNA appliance configuration to determine if it prohibits the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

Navigate to Cisco SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> Appliance Tab >> SSH. Verify "Enable" is unchecked.

Navigate to Network Services tab >> SNMP Agent. Verify "Enable" is unchecked if not needed by the organization.

Navigate to Network Services tab >> Internet Proxy. Verify "Enable" is unchecked if not needed by the organization.

Navigate to General Tab >> External Services. Verify "Enable" is unchecked if not needed by the organization.

If any unnecessary or nonsecure functions are permitted, this is a finding.

Fix Text

Configure the Cisco SNA appliance to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

Navigate to Cisco SNA Dashboard >> Configure >> Central Management >> Inventory >> Actions... >> Edit Appliance Configuration >> Appliance Tab. Ensure "SSH" is unchecked.

Navigate to Network Services tab >> SNMP Agent. Uncheck "Enable" if not needed by organization.

Navigate to Network Services tab >> Internet Proxy. Uncheck "Enable" if not needed by organization.

Navigate to General tab >> External Services. Uncheck "Enable" if not needed by organization.

Click "Apply Settings".