SB.11.003 Networking Hardware
Networking maintains a list of approved hardware components and their required configurations.
Networking hardware components are not accessible to unauthorised individuals.
Switches do not operate in promiscuous mode.
TACACS+ is preferred over RADIUS as a means of authentication.
SNMPv3 Community strings and passwords are managed as part of privileged access management and thus rotated when there have been changes in the roles or employment status of anyone with access to them. The use of SNMPv2 is prohibited.
Anti-spoofing protection is in place, such as IP Source Guard (CISCO), Port Security, DHCP snooping and Dynamic ARP Inspection.