Data ONTAP 7G supports SNMP versions 1c, 2, and 3 (AuthNoPriv). There are many attacks that can be run against SNMP versions 1c/2 as they use a community string as the only control to access the queries for information. It is best to only utilize SNMPv3 to protect the access to the information that is provided by the OIDs. If you cannot use SNMPv3, at a minimum delete the default community string name and replace it with one that is not in the dictionary. The new community string should also contain special characters. This will reduce the likelihood of an attacker using a dictionary attack to guess the SNMPv1c/2 community string.
NOTE: Please review the benchmark to ensure target compliance.
Create a role, group, and user with login-snmp capability
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system NetApp.