Windows 7: This control activity guides the IT professional through a process to reconfigure default SNMP values to custom values.
Home<ObjectTemplate ID="WIN7_MCA_00054" TypeID="GRCControl!System.Compliance.ManualControlActivityProjection">
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalName$">$MPElement[Name='GRC!System.Compliance.SourceNameEnum.MicrosoftCorporation']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalId$">WIN7_MCA_00054</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ExternalVersion$">1.0</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Type$">$MPElement[Name='GRCControl!System.Compliance.ControlActivity.TypeEnum.Preventive']$</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Title$">Configure SNMP Parameters</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/DisplayName$">WIN7_MCA_00054 Configure SNMP Parameters</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/Description$">Windows 7: This control activity guides the IT professional through a process to reconfigure default SNMP values to custom values.</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/ImplementationMethod$">This activity should be reviewed by the organization to determine its applicability. If required, change the default SNMP community name on all management tools that use the SNMP protocol and manually assert whether this procedure has been implemented.
Technology Components
The SNMP community name is stored in the registry as a registry value with a DWORD value of 4 at:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities].
The community name can be manually changed using the following steps:
1. Log on to the computer with an account that is a member of the local Administrators group or has been delegated permission to install and configure system services.
2. Run services.msc to open the Services snap-in console.
3. At the Services console, double-click SNMP Service, then click the Traps tab.
4. In the Community names field, type the community name that you want to use.
5. Click Add to list and the name that you typed will display in the Community names drop down list.
6. Click OK to close the dialog boxes.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/AdditionalGuidance$">No additional guidance provided.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestSummary$">Manual Assertion
Manually assert whether the procedure has been sufficiently and reasonably performed since the last assertion.
Manual assertions should be recorded at a frequency that is commensurate with audit sample sizes and frequencies, which can vary according to GRC authority document requirements and your organization's audit schedule. Determine what personnel will make the manual assertion by asking the GRC program manager. Typically, this assertion will be made by an analyst who observes an IT professional that enacts the process.
Record the compliance state as an assertion within the GRC program with one of the following states: compliant, noncompliant, error, or unknown.
Manual Assertion Steps:
1. Open the Service Manager Console.
2. Click the Compliance and Risk Items Workspace.
3. Expand the Control Management folder, then the Control Activities folders and select the All Control activities View.
4. In the Control Activities View, select those Control Activities for which you want to add a result and in the Task pane select Edit Control Activity. Service Manager Console launches the Control Activity form with the selected control activity.
5. In the Control Activity form, in the Task pane, select the Add Result Console task. Service Manager Console launches the Select Template dialog.
6. Select one of the templates for the results (Compliant, Non-Compliant, Unknown or Error). The Result form will open with the Result set to the control activity template name (for example, Compliant means Result = Compliant and so on). The owner field is populated with the current user name.
7. Select one of the programs from the Program Section before Results (OK button is enabled).
8. Save the results by clicking OK in the dialog. Service Manager Console creates a Number of Managed Entity Results per Configuration Item in Scope for the selected programs. Service Manager Console closes the Add Result dialog and creates a relationship between the control activity and Managed Entity Result in the CMDB. The Control Activity form remains open and displays the updated control activity in the form.
</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestId$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/TestName$">N/A</Property>
<Property Path="$Context/Property[Type='GRC!System.Compliance.ControlActivity']/SupportedControlObjectives$">GRC_MCO_00017</Property>
</ObjectTemplate>