DOCS-SEC-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    Unsigned32,
    Counter32
        FROM SNMPv2-SMI            -- RFC 2578
    TEXTUAL-CONVENTION,
    TruthValue,
    MacAddress,
    RowStatus,
    DateAndTime
        FROM SNMPv2-TC             -- RFC 2579
    OBJECT-GROUP,
    MODULE-COMPLIANCE
        FROM SNMPv2-CONF           -- RFC 2580
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB    -- RFC 3411
    SnmpTagList
        FROM SNMP-TARGET-MIB       -- RFC 3411
    InetAddressType,
    InetAddress,
    InetAddressPrefixLength
        FROM INET-ADDRESS-MIB      -- RFC 4001
    docsIf3CmtsCmRegStatusEntry,
    docsIf3CmtsCmRegStatusId
        FROM DOCS-IF3-MIB
    clabProjDocsis
        FROM CLAB-DEF-MIB
    docsBpi2CodeDownloadControl
        FROM DOCS-IETF-BPI2-MIB;

docsSecMib MODULE-IDENTITY
    LAST-UPDATED    "202306010000Z" -- June 1, 2023
    ORGANIZATION    "Cable Television Laboratories, Inc."
    CONTACT-INFO
        "Postal: Cable Television Laboratories, Inc.
                 858 Coal Creek Circle
                 Louisville, Colorado 80027-9750
                 U.S.A.
         Phone:  +1 303-661-9100
         Fax:    +1 303-661-9199
         E-mail: mibs@cablelabs.com"
    DESCRIPTION
        "This MIB module contains the management objects for the
         management of the security requirements in the DOCSIS
         Security Specification.
         Copyright 2006-2023 Cable Television Laboratories, Inc.
         All rights reserved."
    REVISION        "202306010000Z" -- June 1, 2023
    DESCRIPTION
        "Modified per DOCS-SEC-MIB-N-23.2309-1"
    REVISION        "202203310000Z" -- March 31, 2022
    DESCRIPTION
        "Modified per DOCS-SEC-MIB-N-22.2246-1"
    REVISION        "202106170000Z" -- June 17, 2021
    DESCRIPTION
        "Modified per DOCS-SEC-MIB-N-21.2172-1"
    REVISION        "202102040000Z" -- February 4, 2021
    DESCRIPTION
        "Modified per DOCS-SEC-MIB-N-21.2148-1"
    REVISION        "202003190000Z" -- March 19, 2020
    DESCRIPTION
        "Modified per DOCS-SEC-MIB-N-20.2087-1"
    REVISION        "201601130000Z" -- January 13, 2016
    DESCRIPTION
        "Modified per CM-OSSIv3.1-N-15.1393-6.
         Deprecate docsBpi2CodeUpdateCvcChain for DOCSIS 3.1 that was
         added earlier ECN CM-OSSIv3.1-N-15.1243-1.
         3.1 PKI MIBs moved to DOCS-BPI2EXT-MIB"
    REVISION        "201503260000Z" -- March 26, 2015
    DESCRIPTION
        "Revised Version includes ECN CM-OSSIv3.1-N-15.1243-1
         and published as CM-OSSIv3.1-I03, to support
         docsBpi2CodeUpdateCvcChain for DOCSIS 3.1."
    REVISION        "201001150000Z" -- January 15, 2010
    DESCRIPTION
        "Revised Version includes ECN OSSIv3.0-N-09.0872-4
         and published as I11"
    REVISION        "200905290000Z" -- May 29, 2009
    DESCRIPTION
        "Revised Version includes ECNs
         OSSIv3.0-N-09.0773-1
         OSSIv3.0-N-09.0775-3
         OSSIv3.0-N-09.0777-2
         and published as I09"
    REVISION        "200702230000Z" -- February 23, 2007
    DESCRIPTION
        "Revised Version includes ECN OSSIv3.0-N-06.0357-1
         and published as IO2"
    REVISION        "200612071700Z" -- December 7, 2006
    DESCRIPTION
        "Initial version, published as part of the CableLabs
         OSSIv3.0 specification CM-SP-OSSIv3.0-I01-061207
         Copyright 1999-2006 Cable Television Laboratories, Inc.
         All rights reserved."
    ::= { clabProjDocsis 11}

-- Textual Conventions

DocsCvcCaCertificateChain ::= TEXTUAL-CONVENTION
    DISPLAY-HINT "*"
    STATUS      current
    DESCRIPTION
        "A degenerate PKCS7 signedData structure that contains the
         CVC and the CVC CA certificate chain in the certificates
         field."
    SYNTAX      OCTET STRING (SIZE (0..8192))

-- Object Definitions

docsSecMibObjects OBJECT IDENTIFIER ::= { docsSecMib 1 }

docsSecCmtsServerCfg OBJECT IDENTIFIER ::= { docsSecMibObjects 1 }

docsSecCmtsServerCfgTftpOptions OBJECT-TYPE
    SYNTAX      BITS {
                    hwAddr(0),
                    netAddr(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute instructs the CMTS to insert the source IP
         address and/or MAC address of received TFTP packets into
         the TFTP option fields before forwarding the packets to
         the Config File server.
         This attribute is only applicable when the
         TftpProxyEnabled attribute of the MdCfg object is 'true'."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I01-061207, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex."
    DEFVAL { { } }
    ::= { docsSecCmtsServerCfg 1 }

docsSecCmtsServerCfgConfigFileLearningEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute enables and disables Configuration File
         Learning functionality.
         If this attribute is set to 'true' the CMTS will respond
         with Authentication Failure in the REG-RSP message when
         there is a mismatch between learned config file parameters
         and REG-REQ parameters. If this attribute is set to
         'false', the CMTS will not execute config file learning
         and mismatch check.
         This attribute is only applicable when the
         TftpProxyEnabled attribute of the MdCfg object is 'true'."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I01-061207, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex.
         DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         Secure Provisioning Section.
         DOCSIS 3.0 MAC and Upper Layer Protocols Interface
         Specification CM-SP-MULPIv3.0-I01-060804."
    DEFVAL { true }
    ::= { docsSecCmtsServerCfg 2 }

docsSecCmtsEncrypt OBJECT IDENTIFIER ::= { docsSecMibObjects 2 }

docsSecCmtsEncryptEncryptAlgPriority OBJECT-TYPE
    SYNTAX      SnmpTagList
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute allows for configuration of a prioritized
         list of encryption algorithms the CMTS will use when
         selecting the primary SAID encryption algorithm for a
         given CM. The CMTS selects the highest priority encryption
         algorithm from this list that the CM supports. By default
         the following encryption algorithms are listed from
         highest to lowest priority (left being the highest):
         128 bit AES, 56 bit DES, 40 bit DES.
         An empty list indicates that the CMTS attempts to use the
         latest and robust encryption algorithm supported by the
         CM. The CMTS will ignore unknown values or unsupported
         algorithms."
    DEFVAL { "aes128CbcMode des56CbcMode des40CbcMode" }
    ::= { docsSecCmtsEncrypt 1 }

docsSecCmtsCmEaeExclusionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmtsCmEaeExclusionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines a list of CMs or CM groups to exclude
         from Early Authentication and Encryption (EAE). This
         object allows overrides to the value of EAE Control for
         individual CMs or group of CMs for purposes such as
         debugging. The CMTS supports a minimum of 30 instances of
         the CmtsCmEaeExclusion object.
         This object is only applicable when the
         EarlyAuthEncryptCtrl attribute of the MdCfg object is
         enabled.
         This object supports the creation and deletion of multiple
         instances."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I01-061207, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex.
         DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         Early Authentication And Encryption (EAE) Section."
    ::= { docsSecMibObjects 3}

docsSecCmtsCmEaeExclusionEntry OBJECT-TYPE
    SYNTAX      DocsSecCmtsCmEaeExclusionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecCmtsCmEaeExclusion.
         The CMTS persists all instances of CmtsCmEaeExclusion
         across reinitializations."
    INDEX { docsSecCmtsCmEaeExclusionId }
    ::= { docsSecCmtsCmEaeExclusionTable 1 }

DocsSecCmtsCmEaeExclusionEntry ::= SEQUENCE {
    docsSecCmtsCmEaeExclusionId             Unsigned32,
    docsSecCmtsCmEaeExclusionMacAddr        MacAddress,
    docsSecCmtsCmEaeExclusionMacAddrMask    MacAddress,
    docsSecCmtsCmEaeExclusionRowStatus      RowStatus
    }

docsSecCmtsCmEaeExclusionId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key uniquely identifies the exclusion MAC address
         rule."
    ::= { docsSecCmtsCmEaeExclusionEntry 1 }

docsSecCmtsCmEaeExclusionMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute identifies the CM MAC address.
         A match is made when a CM MAC address bitwise ANDed with
         the MacAddrMask attribute equals the value of this
         attribute."
    DEFVAL { '000000000000'H }
    ::= { docsSecCmtsCmEaeExclusionEntry 2 }

docsSecCmtsCmEaeExclusionMacAddrMask OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute identifies the CM MAC address mask and is
         used with the MacAddr attribute."
    DEFVAL { 'FFFFFFFFFFFF'H }
    ::= { docsSecCmtsCmEaeExclusionEntry 3 }

docsSecCmtsCmEaeExclusionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls and reflects the status of rows in this table.
         There is no restriction on changing values in a row of
         this table while the row is active."
    ::= { docsSecCmtsCmEaeExclusionEntry 4 }

docsSecCmtsSavControl OBJECT IDENTIFIER ::= { docsSecMibObjects 4 }

docsSecCmtsSavControlCmAuthEnable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute enables or disables Source Address
         Verification (SAV) for CM configured policies in the
         SavCmAuth object. If this attribute is set to 'false', the
         CM configured policies in the SavCmAuth object are
         ignored.
         This attribute is only applicable when the
         SrcAddrVerificationEnabled attribute of the MdCfg object
         is 'true'."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I01-061207, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex."
    DEFVAL { true }
    ::= { docsSecCmtsSavControl 1 }

docsSecSavCmAuthTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecSavCmAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines a read-only set of SAV policies
         associated with a CM that the CMTS will use in addition to
         the CMTS verification of an operator assigned IP Address
         being associated with a CM. When the CMTS has not resolved
         a source address of a CM CPE, the CMTS verifies if the CM
         CPE is authorized to pass traffic based on this object.
         These object policies include a list of subnet prefixes
         (defined in the SavStaticList object) or a SAV Group Name
         that could reference a CMTS configured list of subnet
         prefixes (defined in SavCfgList object) or vendor-specific
         policies. The CMTS populates the attributes of this object
         for a CM from that CM's config file.
         This object is only applicable when the
         SrcAddrVerificationEnabled attribute of the MdCfg object
         is 'true' and the CmAuthEnable attribute of the
         CmtsSavCtrl object is 'true'.
         The CMTS is not required to persist instances of this
         object across reinitializations."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I01-061207, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex.
         DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         Secure Provisioning Section.
         DOCSIS 3.0 MAC and Upper Layer Protocols Interface
         Specification CM-SP-MULPIv3.0-I01-060804, Encodings for
         Configuration and MAC-Layer Messaging Annex."
    ::= { docsSecMibObjects 5}

docsSecSavCmAuthEntry OBJECT-TYPE
    SYNTAX      DocsSecSavCmAuthEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecSavCmAuth."
    INDEX { docsIf3CmtsCmRegStatusId }
    ::= { docsSecSavCmAuthTable 1 }

DocsSecSavCmAuthEntry ::= SEQUENCE {
    docsSecSavCmAuthGrpName               SnmpAdminString,
    docsSecSavCmAuthStaticPrefixListId    Unsigned32
    }

docsSecSavCmAuthGrpName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute references the Name attribute of the
         SavCfgList object of a CM. If the CM signaled group name
         is not configured in the CMTS, the CMTS ignores this
         attribute value for the purpose of Source Address
         Verification. The CMTS must allow the modification of the
         GrpName object and use the updated SAV rules for newly
         discovered CPEs from CMs.
         When a source IP address is claimed by two CMs (e.g.,
         detected as duplicated), the CMTS must use the current SAV
         rules defined for both CMs in case the SAV GrpName rules
         may have been updated. In the case of a persisting
         conflict, it is up to vendor-implementation to decide what
         CM should hold the SAV authorization.
         The zero-length string indicates that no SAV Group was
         signaled by the CM. The zero-length value or a
         non-existing reference in the SavCfgList object means the
         SavCfgListName is ignored for the purpose of SAV."
    REFERENCE
        "DOCSIS 3.0 MAC and Upper Layer Protocols Interface
         Specification CM-SP-MULPIv3.0-I01-060804, Encodings for
         Configuration and MAC-Layer Messaging Annex."
    ::= { docsSecSavCmAuthEntry 1 }

docsSecSavCmAuthStaticPrefixListId OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute identifies the reference to a CMTS created
         subnet prefix list based on the CM signaled static prefix
         list TLV elements. The CMTS may reuse this attribute value
         to reference more than one CM when those CMs have signaled
         the same subnet prefix list to the CMTS.
         The value zero indicates that no SAV static prefix
         encodings were signaled by the CM."
    ::= { docsSecSavCmAuthEntry 2 }

docsSecSavCfgListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecSavCfgListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines the CMTS configured subnet prefix
         extension to the SavCmAuth object.
         This object supports the creation and deletion of multiple
         instances.
         Creation of a new instance of this object requires the
         PrefixAddrType and PrefixAddr attributes to be set."
    ::= { docsSecMibObjects 6}

docsSecSavCfgListEntry OBJECT-TYPE
    SYNTAX      DocsSecSavCfgListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecSavCfgList.
         The CMTS persists all instances of SavCfgList across
         reinitializations."
    INDEX { docsSecSavCfgListName, docsSecSavCfgListRuleId }
    ::= { docsSecSavCfgListTable 1 }

DocsSecSavCfgListEntry ::= SEQUENCE {
    docsSecSavCfgListName              SnmpAdminString,
    docsSecSavCfgListRuleId            Unsigned32,
    docsSecSavCfgListPrefixAddrType    InetAddressType,
    docsSecSavCfgListPrefixAddr        InetAddress,
    docsSecSavCfgListPrefixLen         InetAddressPrefixLength,
    docsSecSavCfgListRowStatus         RowStatus
    }

docsSecSavCfgListName OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE (1..16))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This attribute is the key that identifies the instance of
         the SavCmAuth object to which this object extension
         belongs."
    ::= { docsSecSavCfgListEntry 1 }

docsSecSavCfgListRuleId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This attribute is the key that identifies a particular
         subnet prefix rule of an instance of this object."
    ::= { docsSecSavCfgListEntry 2 }

docsSecSavCfgListPrefixAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute identifies the IP address type of this
         subnet prefix rule."
    ::= { docsSecSavCfgListEntry 3 }

docsSecSavCfgListPrefixAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute corresponds to the IP address of this
         subnet prefix rule in accordance to the PrefixAddrType
         attribute."
    ::= { docsSecSavCfgListEntry 4 }

docsSecSavCfgListPrefixLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute defines the length of the subnet prefix to
         be matched by this rule."
    ::= { docsSecSavCfgListEntry 5 }

docsSecSavCfgListRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The row creation control of this conceptual row.
         An entry in this table can be set to active only when the
         following attributes are correctly assigned:
             PrefixAddrType
             PrefixAddress
         There are no restrictions to modify or delete entries in
         this table."
    ::= { docsSecSavCfgListEntry 6 }

docsSecSavStaticListTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecSavStaticListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines a subnet prefix extension to the
         SavCmAuth object based on CM statically signaled subnet
         prefixes to the CMTS.
         When a CM signals to the CMTS static subnet prefixes, the
         CMTS must create a List Id to be referenced by the CM in
         the SavCmAuth StaticPrefixListId attribute, or the CMTS
         may reference an existing List Id associated to previously
         registered CMs in case of those subnet prefixes associated
         with the List Id match the ones signaled by the CM."
    REFERENCE
        "DOCSIS 3.0 MAC and Upper Layer Protocols Interface
         Specification CM-SP-MULPIv3.0-I01-060804, Encodings for
         Configuration and MAC-Layer Messaging Annex."
    ::= { docsSecMibObjects 7}

docsSecSavStaticListEntry OBJECT-TYPE
    SYNTAX      DocsSecSavStaticListEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecSavStaticList.
         The CMTS may persist instances of this object across
         reinitializations."
    INDEX { docsSecSavStaticListId, docsSecSavStaticListRuleId }
    ::= { docsSecSavStaticListTable 1 }

DocsSecSavStaticListEntry ::= SEQUENCE {
    docsSecSavStaticListId                Unsigned32,
    docsSecSavStaticListRuleId            Unsigned32,
    docsSecSavStaticListPrefixAddrType    InetAddressType,
    docsSecSavStaticListPrefixAddr        InetAddress,
    docsSecSavStaticListPrefixLen         InetAddressPrefixLength
    }

docsSecSavStaticListId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key uniquely identifies the index that groups
         multiple subnet prefix rules. The CMTS assigns this value
         per CM or may reuse it among multiple CMs that share the
         same list of subnet prefixes."
    ::= { docsSecSavStaticListEntry 1 }

docsSecSavStaticListRuleId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key identifies a particular static subnet prefix rule
         of an instance of this object."
    ::= { docsSecSavStaticListEntry 2 }

docsSecSavStaticListPrefixAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute identifies the IP address type of this
         subnet prefix rule."
    ::= { docsSecSavStaticListEntry 3 }

docsSecSavStaticListPrefixAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute corresponds to the IP address of this
         subnet prefix rule in accordance to the PrefixAddrType
         attribute."
    ::= { docsSecSavStaticListEntry 4 }

docsSecSavStaticListPrefixLen OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute defines the length of the subnet prefix to
         be matched by this rule."
    ::= { docsSecSavStaticListEntry 5 }

docsSecCmtsCmSavStatsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmtsCmSavStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object provides a read-only list of SAV counters for
         different service theft indications."
    ::= { docsSecMibObjects 8}

docsSecCmtsCmSavStatsEntry OBJECT-TYPE
    SYNTAX      DocsSecCmtsCmSavStatsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecCmtsCmSavStats."
    AUGMENTS { docsIf3CmtsCmRegStatusEntry }
    ::= { docsSecCmtsCmSavStatsTable 1 }

DocsSecCmtsCmSavStatsEntry ::= SEQUENCE {
    docsSecCmtsCmSavStatsSavDiscards    Counter32
    }

docsSecCmtsCmSavStatsSavDiscards OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute provides the information about number of
         dropped upstream packets due to SAV failure."
    ::= { docsSecCmtsCmSavStatsEntry 1 }

docsSecCmtsCertificate OBJECT IDENTIFIER ::= { docsSecMibObjects 9 }

docsSecCmtsCertificateCertRevocationMethod OBJECT-TYPE
    SYNTAX      INTEGER {
                    none(1),
                    crl(2),
                    ocsp(3),
                    crlAndOcsp(4)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute identifies which certificate revocation
         method is to be used by the CMTS to verify the cable modem
         certificate validity. The certificate revocation methods
         include Certification Revocation List (CRL) and Online
         Certificate Status Protocol (OCSP).
         The following options are available:
         The option 'none' indicates that the CMTS does not attempt
         to determine the revocation status of a certificate.
         The option 'crl' indicates the CMTS uses a Certificate
         Revocation List (CRL) as defined by the Url attribute of
         the CmtsCertRevocationList object. When the value of this
         attribute is changed to 'crl', it triggers the CMTS to
         retrieve the CRL from the URL specified by the Url
         attribute. If the value of this attribute is 'crl' when
         the CMTS starts up, it triggers the CMTS to retrieve the
         CRL from the URL specified by the Url attribute.
         The option 'ocsp' indicates the CMTS uses the Online
         Certificate Status Protocol (OCSP) as defined by the Url
         attribute of the CmtsOnlineCertStatusProtocol object.
         The option 'crlAndOcsp' indicates the CMTS uses both the
         CRL as defined by the Url attribute in the
         CmtsCertRevocationList object and OCSP as defined by the
         Url attribute in the CmtsOnlineCertStatusProtocol object.
         The CMTS persists the values of the CertRevocationMethod
         attribute across reinitializations."
    DEFVAL { none }
    ::= { docsSecCmtsCertificate 1 }

docsSecCmtsCertRevocationList OBJECT IDENTIFIER ::= { docsSecMibObjects 10 }

docsSecCmtsCertRevocationListUrl OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute contains the URL from where the CMTS will
         retrieve the CRL.
         When this attribute is set to a URL value different from
         the current value, it triggers the CMTS to retrieve the
         CRL from that URL. If the value of this attribute is a
         zero-length string, the CMTS does not attempt to retrieve
         the CRL.
         The CMTS persists the value of Url across
         reinitializations."
    REFERENCE
        "DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         BPI+ X.509 Certificate Profile and Management Section."
    DEFVAL { "" }
    ::= { docsSecCmtsCertRevocationList 1 }

docsSecCmtsCertRevocationListRefreshInterval OBJECT-TYPE
    SYNTAX      Unsigned32 (1..524160)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute contains the refresh interval for the CMTS
         to retrieve the CRL (referred to in the Url attribute)
         with the purpose of updating its Certificate Revocation
         List.
         This attribute is meaningful if the
         tbsCertList.nextUpdate attribute does not exist in the
         last retrieved CRL, otherwise the value 0 is returned.
         The CMTS persists the value of RefreshInterval across
         reinitializations."
    REFERENCE
        "DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         BPI+ X.509 Certificate Profile and Management Section."
    DEFVAL { 10080 }
    ::= { docsSecCmtsCertRevocationList 2 }

docsSecCmtsCertRevocationListLastUpdate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute contains the last date and time when the
         CRL was retrieved by the CMTS.
         If the CRL has not been updated, then this variable shall
         have the value corresponding to January 1, year 0000,
         00:00:00.0, which is encoded as
         (hex)'00 00 01 01 00 00 00 00'."
    ::= { docsSecCmtsCertRevocationList 3 }

docsSecCmtsOnlineCertStatusProtocol OBJECT IDENTIFIER ::= { docsSecMibObjects 11 }

docsSecCmtsOnlineCertStatusProtocolUrl OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute contains the URL string to retrieve OCSP
         information.
         If the value of this attribute is a zero-length string,
         the CMTS does not attempt to request the status of a CM
         certificate.
         The CMTS persists the value of Url across
         reinitializations."
    REFERENCE
        "DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         BPI+ X.509 Certificate Profile and Management Section.
         RFC 2560."
    DEFVAL { "" }
    ::= { docsSecCmtsOnlineCertStatusProtocol 1 }

docsSecCmtsOnlineCertStatusProtocolSignatureBypass OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute enables or disables signature checking on
         OCSP response messages.
         The CMTS persists the value of SignatureBypass across
         reinitializations."
    REFERENCE
        "DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I01-060804,
         BPI+ X.509 Certificate Profile and Management Section.
         RFC 2560."
    DEFVAL { false }
    ::= { docsSecCmtsOnlineCertStatusProtocol 2 }

docsSecCmtsCmBpi2EnforceExclusionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmtsCmBpi2EnforceExclusionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This object defines a list of CMs or CM groups to exclude
         from BPI+ enforcement policies configured within the CMTS.
         This object allows overrides to the value of BPI+
         enforcement control for individual CMs or group of CMs for
         purposes such as debugging. The CMTS supports a minimum of
         30 instances of the CmtsCmBpi2EnforceExclusion object.
         This object supports the creation and deletion of multiple
         instances."
    REFERENCE
        "DOCSIS 3.0 Operations Support System Interface
         Specification CM-SP-OSSIv3.0-I11-100115, MdCfg Object
         Section in the Media Access Control (MAC) Requirements
         Annex.
         DOCSIS 3.0 Security Specification CM-SP-SECv3.0-I12-100115,
         BPI+ Enforce Section."
    ::= { docsSecMibObjects 12}

docsSecCmtsCmBpi2EnforceExclusionEntry OBJECT-TYPE
    SYNTAX      DocsSecCmtsCmBpi2EnforceExclusionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecCmtsCmBpi2EnforceExclusion.
         The CMTS persists all instances of
         CmtsCmBpi2EnforceExclusion across reinitializations."
    INDEX { docsSecCmtsCmBpi2EnforceExclusionId }
    ::= { docsSecCmtsCmBpi2EnforceExclusionTable 1 }

DocsSecCmtsCmBpi2EnforceExclusionEntry ::= SEQUENCE {
    docsSecCmtsCmBpi2EnforceExclusionId             Unsigned32,
    docsSecCmtsCmBpi2EnforceExclusionMacAddr        MacAddress,
    docsSecCmtsCmBpi2EnforceExclusionMacAddrMask    MacAddress,
    docsSecCmtsCmBpi2EnforceExclusionRowStatus      RowStatus
    }

docsSecCmtsCmBpi2EnforceExclusionId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key uniquely identifies the exclusion MAC address
         rule."
    ::= { docsSecCmtsCmBpi2EnforceExclusionEntry 1 }

docsSecCmtsCmBpi2EnforceExclusionMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute identifies the CM MAC address.
         A match is made when a CM MAC address bitwise ANDed with
         the MacAddrMask attribute equals the value of this
         attribute."
    DEFVAL { '000000000000'H }
    ::= { docsSecCmtsCmBpi2EnforceExclusionEntry 2 }

docsSecCmtsCmBpi2EnforceExclusionMacAddrMask OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute identifies the CM MAC address mask and is
         used with the MacAddr attribute."
    DEFVAL { 'FFFFFFFFFFFF'H }
    ::= { docsSecCmtsCmBpi2EnforceExclusionEntry 3 }

docsSecCmtsCmBpi2EnforceExclusionRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls and reflects the status of rows in this table.
         There is no restriction on changing values in a row of
         this table while the row is active."
    ::= { docsSecCmtsCmBpi2EnforceExclusionEntry 4 }

--
-- CM SSH Key Management Objects
--
--

docsSecCmSshKeyManagement OBJECT IDENTIFIER ::= { docsSecMibObjects 13 }

docsSecCmSshServer OBJECT IDENTIFIER ::= { docsSecCmSshKeyManagement 1 }

docsSecCmSshServerEnabledInterfaces OBJECT-TYPE
    SYNTAX      BITS {
                    customerFacing(0),
                    operatorFacing(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute reports whether SSH server function is
         enabled in the CM. The CM is required to disable SSH
         server function by default.
         The possible values for this attribute are listed below:
         Bit 0 'customerFacing'
             CM allows access only from all local (customer
             premises) network interfaces, addresses. This includes
             Ethernet, wireless and MOCA interfaces.
         Bit 1 'operatorFacing'
             CM allows access only from all network private
             interfaces, addresses (i.e., operator's network).
         If both Bit 0 and Bit 1 are set, the CM allows access from
         both local and private network interfaces, addresses."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::EnabledInterfaces"
    DEFVAL { { operatorFacing } }
    ::= { docsSecCmSshServer 1 }

docsSecCmSshServerStatus OBJECT-TYPE
    SYNTAX      INTEGER {
                    disconnectedNotAllowed(1),
                    disconnectedProtocolError(2),
                    disconnectedKeyExchangeFailed(3),
                    disconnectedReserved(4),
                    disconnectedMacError(5),
                    disconnectedCompressionError(6),
                    disconnectedServiceNotAvailable(7),
                    disconnectedProtocolVersionNotSupported(8),
                    disconnectedHostKeyNotVerifiable(9),
                    disconnectedConnectionLost(10),
                    disconnectedByApplication(11),
                    disconnectedTooManyConnections(12),
                    disconnectedAuthCancelledByUser(13),
                    disconnectedNoMoreAuthMethods(14),
                    disconnectedIllegalUserName(15),
                    connected(16),
                    disconnectedUnknown(17)
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute reports the status of the connection
         between the CM SSH server and the SSH client.
         The possible values for this attribute are defined in
         RFC 4253 and are listed below:
         'disconnectedNotAllowed'
             SSH client is not allowed to connect to the host
         'disconnectedProtocolError'
             SSH client disconnected because of SSH protocol error
         'disconnectedKeyExchangeFailed'
             SSH client disconnected because the SSH key exchange
             failed at the SSH transport layer
         'disconnectedReserved'
             Value reserved for future use
         'disconnectedMacError'
             SSH client disconnected due to the incompatibility of
             the Message Authentication code algorithm or value
         'disconnectedCompressionError'
             SSH client disconnected due to the failure of
             compression on the packet payload when it is required
             or the incompatibility of the compression algorithm
             exists
         'disconnectedServiceNotAvailable'
             SSH client disconnected because SSH service is not
             available on the server
         'disconnectedProtocolVersionNotSupported'
             SSH client disconnected because the SSH protocol
             version is not supported by the server
         'disconnectedHostKeyNotVerifiable'
             SSH client disconnected because of using an
             unverifiable host key.
         'disconnectedConnectionLost'
             SSH client disconnected because of inactivity
         'disconnectedByApplication'
             SSH server disconnected by the SCCA application when
             performing the TLS-based Authentication
         'disconnectedTooManyConnections'
             SSH client disconnected because the connections
             limitation has been exceeded
         'disconnectedAuthCancelledByUser'
             SSH client disconnected because the authentication is
             cancelled by the user
         'disconnectedNoMoreAuthMethods'
             SSH client disconnected because no more authentication
             methods are available
         'disconnectedIllegalUserName'
             SSH client disconnected because of an illegal username
         'connected'
             Connection between the CM SSH server and the SSH
             client is active
         'disconnectedUnknown'
             SSH client disconnected for unknown or other reason"
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::Status"
    ::= { docsSecCmSshServer 2 }

docsSecCmSshServerPublicKey OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This attribute is the authorized SSH client public key
         used by the CM to authenticate the client when the client
         attempts to set up a CLI SSH connection."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::PublicKey"
    ::= { docsSecCmSshServer 3 }

docsSecCmSshServerNewConnectionTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..28800)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the new SSH connection timeout
         provisioned on the CM. When this timeout value is reached,
         the CM sets the Enabled attribute to 'false' and stops
         accepting new SSH connections. Established connections
         remain active."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::NewConnectionTimeout"
    DEFVAL { 0 }
    ::= { docsSecCmSshServer 4 }

docsSecCmSshServerInactivityTimeout OBJECT-TYPE
    SYNTAX      Unsigned32 (0..65535)
    UNITS       "Seconds"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the SSH inactivity timeout provisioned
         on the CM.
         This attribute represents the time at which an established
         connection is terminated if there is no activity.
         Inactivity is defined as the remote side of the connection
         timing out and disconnecting. If this attribute is set to
         zero, the inactivity timeout will be implementation
         specific."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::InactivityTimeout"
    DEFVAL { 1800 }
    ::= { docsSecCmSshServer 5 }

docsSecCmSshServerSshSourceAddrRestrictionType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The type of internet address associated to the SSH source
         address restriction."
    ::= { docsSecCmSshServer 6 }

docsSecCmSshServerSshSourceAddrRestriction OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This optional attribute is the SSH source address
         restriction provisioned on the CM. When this attribute is
         not present, the CM enables unrestricted access to the SSH
         server."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::SshSourceAddrRestriction"
    ::= { docsSecCmSshServer 7 }

docsSecCmSshServerSshSourcePrefixRestriction OBJECT-TYPE
    SYNTAX      InetAddressPrefixLength
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This optional attribute is the SSH source address prefix
         restriction provisioned on the CM. This attribute is a
         network, address specifier in CIDR notation that limits
         the IP addresses where SSH connections can originate."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0
         SshServer::SshSourcePrefixRestriction"
    ::= { docsSecCmSshServer 8 }

docsSecCmCdsFileServer OBJECT IDENTIFIER ::= { docsSecCmSshKeyManagement 2 }

docsSecCmCdsFileServerIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute indicates the type of the Internet address
         for IpAddr."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 CdsFileServer::IpAddrType"
    ::= { docsSecCmCdsFileServer 1 }

docsSecCmCdsFileServerIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the Internet address of the CDS server in
        the operator's network."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 CdsFileServer::IpAddr"
    ::= { docsSecCmCdsFileServer 2 }

docsSecCmCdsFileServerSshCmCdsDownloadUrl OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..2048))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the URL of the CDS server in the operator's
        network."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 CdsFileServer::SshCmCdsDownloadUrl"
    ::= { docsSecCmCdsFileServer 3 }

docsSecCmCdsFileServerRevocationStatusAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    continue(0),
                    reject(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the action taken by the CM if it does not
        receive revocation status from the provisioning system
        server. The possible values for this object are listed below:
        'continue'
            Continue operation with the CDS server
        'reject'
            Reject the connection with the CDS server"
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 CdsFileServer::RevocationStatusAction"
    DEFVAL { 1 }
    ::= { docsSecCmCdsFileServer 4 }

docsSecCmSshCmCds OBJECT IDENTIFIER ::= { docsSecCmSshKeyManagement 3 }

docsSecCmPasswordCredentialTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmPasswordCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains authorized password credential
        information for the CM to authenticate SSH Client CLI
        connections. The CM supports creation of new instances of
        the PasswordCredential object and deletion of existing
        PasswordCredential object instances."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PasswordCredential"
    ::= { docsSecCmSshCmCds 1 }

docsSecCmPasswordCredentialEntry OBJECT-TYPE
    SYNTAX      DocsSecCmPasswordCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecCmPasswordCredentialTable."
    INDEX { docsSecCmPasswordCredentialIndex }
    ::= { docsSecCmPasswordCredentialTable 1 }

DocsSecCmPasswordCredentialEntry ::= SEQUENCE {
    docsSecCmPasswordCredentialIndex      Unsigned32,
    docsSecCmPasswordCredentialUserId     SnmpAdminString,
    docsSecCmPasswordCredentialPassword   OCTET STRING,
    docsSecCmPasswordCredentialMacAddr    MacAddress,
    docsSecCmPasswordCredentialRowStatus  RowStatus
    }

docsSecCmPasswordCredentialIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key attribute represents the unique identifier of an
        instance of this object."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PasswordCredential::Index"
    ::= { docsSecCmPasswordCredentialEntry 1 }

docsSecCmPasswordCredentialUserId OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute is the identifier of the user for which the
        password credential is to be evaluated."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PasswordCredential::UserId"
    ::= { docsSecCmPasswordCredentialEntry 2 }

docsSecCmPasswordCredentialPassword OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (8..128))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute is a string encoded in the [ISO 8859-1]
        character-set and using characters in the range from 0x21
        to 0x7E serving as the credential to be evaluated for the
        user."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PasswordCredential::Password"
    ::= { docsSecCmPasswordCredentialEntry 3 }

docsSecCmPasswordCredentialMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This optional attribute is the MAC address assigned to the
        CM."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PasswordCredential::MacAddr"
    DEFVAL { '000000000000'H }
    ::= { docsSecCmPasswordCredentialEntry 4 }

docsSecCmPasswordCredentialRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls and reflects the status of rows in this table.
        There is no restriction on changing values in a row of this
        table while the row is active."
    ::= { docsSecCmPasswordCredentialEntry 5 }

docsSecCmPublicKeyCredentialTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmPublicKeyCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This table contains authorized RSA Public Key credential
        information for the CM to authenticate SSH Client CLI
        connections. The CM supports creation of new instances of
        the PublicKeyCredential object and deletion of existing
        PublicKeyCredential object instances."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PublicKeyCredential"
    ::= { docsSecCmSshCmCds 2 }

docsSecCmPublicKeyCredentialEntry OBJECT-TYPE
    SYNTAX      DocsSecCmPublicKeyCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row of docsSecCmPublicKeyCredentialTable."
    INDEX { docsSecCmPublicKeyCredentialIndex }
    ::= { docsSecCmPublicKeyCredentialTable 1 }

DocsSecCmPublicKeyCredentialEntry ::= SEQUENCE {
    docsSecCmPublicKeyCredentialIndex         Unsigned32,
    docsSecCmPublicKeyCredentialSshPublicKey  OCTET STRING,
    docsSecCmPublicKeyCredentialMacAddr       MacAddress,
    docsSecCmPublicKeyCredentialRowStatus     RowStatus
    }

docsSecCmPublicKeyCredentialIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "This key attribute represents the unique identifier of an
        instance of this object."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PublicKeyCredential::Index"
    ::= { docsSecCmPublicKeyCredentialEntry 1 }

docsSecCmPublicKeyCredentialSshPublicKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (256..512))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This attribute is a string containing a DER-encoded RSA
        PublicKey or ECDSA public keys in ASN.1 type, as defined in
        [X.509] and serving as the credential to be evaluated for
        the user."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PublicKeyCredential::SshPublicKey"
    ::= { docsSecCmPublicKeyCredentialEntry 2 }

docsSecCmPublicKeyCredentialMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This optional attribute is the MAC address assigned to the
        CM."
    REFERENCE
        "Information Model Mapping: CM-SP-CM-OSSIv4.0 PublicKeyCredential::MacAddr"
    DEFVAL { '000000000000'H }
    ::= { docsSecCmPublicKeyCredentialEntry 3 }

docsSecCmPublicKeyCredentialRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Controls and reflects the status of rows in this table.
        There is no restriction on changing values in a row of this
        table while the row is active."
    ::= { docsSecCmPublicKeyCredentialEntry 4 }

docsSecCmEccPublicKeyCredentialTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF DocsSecCmEccPublicKeyCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This table contains authorized ECC Public Key credential
        information for the CM to authenticate SSH Client CLI
        connections. The CM supports creation of new instances of
        the EccPublicKeyCredential object and deletion of existing
        EccPublicKeyCredential object instances."
    REFERENCE
        "DOCSIS Security Specification, CM-SP-SECv4.0-I01-190815,
        August 15, 2019, Cable Television Laboratories, Inc.
        Secure Shell (SSH) Key Management for Cable Modems."
    ::= { docsSecCmSshCmCds 3 }

docsSecCmEccPublicKeyCredentialEntry OBJECT-TYPE
    SYNTAX      DocsSecCmEccPublicKeyCredentialEntry
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "The conceptual row of docsSecCmEccPublicKeyCredentialTable."
    INDEX { docsSecCmEccPublicKeyCredentialIndex }
    ::= { docsSecCmEccPublicKeyCredentialTable 1 }

DocsSecCmEccPublicKeyCredentialEntry ::= SEQUENCE {
    docsSecCmEccPublicKeyCredentialIndex         Unsigned32,
    docsSecCmEccPublicKeyCredentialEccPublicKey  OCTET STRING,
    docsSecCmEccPublicKeyCredentialMacAddr       MacAddress,
    docsSecCmEccPublicKeyCredentialRowStatus     RowStatus
    }

docsSecCmEccPublicKeyCredentialIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      deprecated
    DESCRIPTION
        "This key attribute represents the unique identifier of an
        instance of this object."
    ::= { docsSecCmEccPublicKeyCredentialEntry 1 }

docsSecCmEccPublicKeyCredentialEccPublicKey OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE (16..64))
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This attribute is a string containing ASN.1 DER encoded
        ECParameters structure as defined in [RFC 3279] and serving
        as a credential to be evaluated for the user."
    ::= { docsSecCmEccPublicKeyCredentialEntry 2 }

docsSecCmEccPublicKeyCredentialMacAddr OBJECT-TYPE
    SYNTAX      MacAddress
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "This optional attribute is the MAC address assigned to the
        CM."
    DEFVAL { '000000000000'H }
    ::= { docsSecCmEccPublicKeyCredentialEntry 3 }

docsSecCmEccPublicKeyCredentialRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      deprecated
    DESCRIPTION
        "Controls and reflects the status of rows in this table.
        There is no restriction on changing values in a row of this
        table while the row is active."
    ::= { docsSecCmEccPublicKeyCredentialEntry 4 }

docsSecCmSccaServerCfg OBJECT IDENTIFIER ::= { docsSecCmSshKeyManagement 4 }

docsSecCmSccaServerCfgIpAddrType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute indicates the type of the Internet address
        for IpAddr."
    REFERENCE
        "Information Model Mapping: CM-SP-CM OSSIv4.0 SccaServerCfg::IpAddrType"
    ::= { docsSecCmSccaServerCfg 1 }

docsSecCmSccaServerCfgIpAddr OBJECT-TYPE
    SYNTAX      InetAddress
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the Internet address of the CDS server in
        the operator's network."
    REFERENCE
        "Information Model Mapping: CM-SP-CM OSSIv4.0 SccaServerCfg::IpAddr"
    ::= { docsSecCmSccaServerCfg 2 }

docsSecCmSccaServerCfgRestApiUrl OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..2048))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute is the URL of the SCCA REST API to validate
        the user credentials."
    REFERENCE
        "Information Model Mapping: CM-SP-CM OSSIv4.0 SccaServerCfg::RestApiUrl"
    ::= { docsSecCmSccaServerCfg 3 }

docsSecCmSccaServerCfgRevocationStatusAction OBJECT-TYPE
    SYNTAX      INTEGER {
                    continue(0),
                    reject(1)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This attribute configures the action taken by the CM if it
        does not receive revocation status from the HTTPS server.
        The possible values for this object are listed below:
        'continue'
            Continue operation with the HTTPS server
        'reject'
            Reject the connection with the HTTPS server"
    REFERENCE
        "Information Model Mapping: CM-SP-CM OSSIv4.0 SccaServerCfg::RevocationStatusAction"
    DEFVAL { 0 }
    ::= { docsSecCmSccaServerCfg 4 }

--
-- DOCS-IETF-BPI2-MIB extension (deprecated)
--
--

docsBpi2CodeUpdateCvcChain OBJECT-TYPE
    SYNTAX      DocsCvcCaCertificateChain
    MAX-ACCESS  read-write
    STATUS      deprecated
    DESCRIPTION
        "The value of this object is a degenerate PKCS7 signedData
        structure that contains the CVC and the CVC CA certificate
        chain in the certificates field.
        Setting this object triggers the device to verify the CVC
        and update the cvcAccessStart values. The content of this
        object is then discarded. If the device is not enabled to
        upgrade codefiles, or if the CVC verification fails, the CVC
        will be rejected. Reading this object always returns the
        zero-length OCTET STRING."
    REFERENCE
        "DOCSIS 3.1 Security Specification, CM-SP-SECv3.1-I02-150326,
        Secure Software Download Section"
    ::= { docsBpi2CodeDownloadControl 10 }

-- Conformance Definitions

docsSecMibConformance OBJECT IDENTIFIER ::= { docsSecMib 2 }
docsSecMibCompliances OBJECT IDENTIFIER ::= { docsSecMibConformance 1 }
docsSecMibGroups      OBJECT IDENTIFIER ::= { docsSecMibConformance 2 }

docsSecCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for CMTSs that implement the
        DOCSIS Security MIB."
    MODULE -- this MODULE
    MANDATORY-GROUPS {
        docsSecGroup
    }
    ::= { docsSecMibCompliances 1 }

docsSecCmCompliance MODULE-COMPLIANCE
    STATUS      deprecated
    DESCRIPTION
        "The compliance statement for CMs that implement the DOCSIS
        Security MIB."
    MODULE -- this MODULE
    MANDATORY-GROUPS {
        docsSecCmGroup
    }
    ::= { docsSecMibCompliances 2 }

docsSecCmSshCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "The compliance statement for CMs that implement SSH Key
        Management in the DOCSIS Security MIB."
    MODULE -- this MODULE
    MANDATORY-GROUPS {
        docsSecCmSshGroup
    }
    ::= { docsSecMibCompliances 3 }

docsSecGroup OBJECT-GROUP
    OBJECTS {
        docsSecCmtsCertRevocationListUrl,
        docsSecCmtsCertRevocationListRefreshInterval,
        docsSecCmtsCertRevocationListLastUpdate,
        docsSecCmtsOnlineCertStatusProtocolUrl,
        docsSecCmtsOnlineCertStatusProtocolSignatureBypass,
        docsSecCmtsServerCfgTftpOptions,
        docsSecCmtsServerCfgConfigFileLearningEnable,
        docsSecCmtsEncryptEncryptAlgPriority,
        docsSecCmtsSavControlCmAuthEnable,
        docsSecCmtsCmEaeExclusionMacAddr,
        docsSecCmtsCmEaeExclusionMacAddrMask,
        docsSecCmtsCmEaeExclusionRowStatus,
        docsSecSavCmAuthGrpName,
        docsSecSavCmAuthStaticPrefixListId,
        docsSecSavCfgListPrefixAddrType,
        docsSecSavCfgListPrefixAddr,
        docsSecSavCfgListPrefixLen,
        docsSecSavCfgListRowStatus,
        docsSecSavStaticListPrefixAddrType,
        docsSecSavStaticListPrefixAddr,
        docsSecSavStaticListPrefixLen,
        docsSecCmtsCmSavStatsSavDiscards,
        docsSecCmtsCertificateCertRevocationMethod,
        docsSecCmtsCmBpi2EnforceExclusionMacAddr,
        docsSecCmtsCmBpi2EnforceExclusionMacAddrMask,
        docsSecCmtsCmBpi2EnforceExclusionRowStatus
    }
    STATUS      current
    DESCRIPTION
        "Group of objects implemented in the CMTS."
    ::= { docsSecMibGroups 1 }

docsSecCmGroup OBJECT-GROUP
    OBJECTS {
        docsBpi2CodeUpdateCvcChain,
        docsSecCmEccPublicKeyCredentialEccPublicKey,
        docsSecCmEccPublicKeyCredentialMacAddr,
        docsSecCmEccPublicKeyCredentialRowStatus
    }
    STATUS      deprecated
    DESCRIPTION
        "Group of objects deprecated in the CM."
    ::= { docsSecMibGroups 2 }

docsSecCmSshGroup OBJECT-GROUP
    OBJECTS {
        docsSecCmSshServerEnabledInterfaces,
        docsSecCmSshServerStatus,
        docsSecCmSshServerPublicKey,
        docsSecCmSshServerNewConnectionTimeout,
        docsSecCmSshServerInactivityTimeout,
        docsSecCmSshServerSshSourceAddrRestrictionType,
        docsSecCmSshServerSshSourceAddrRestriction,
        docsSecCmSshServerSshSourcePrefixRestriction,
        docsSecCmCdsFileServerIpAddrType,
        docsSecCmCdsFileServerIpAddr,
        docsSecCmCdsFileServerSshCmCdsDownloadUrl,
        docsSecCmCdsFileServerRevocationStatusAction,
        docsSecCmPasswordCredentialUserId,
        docsSecCmPasswordCredentialPassword,
        docsSecCmPasswordCredentialMacAddr,
        docsSecCmPasswordCredentialRowStatus,
        docsSecCmPublicKeyCredentialSshPublicKey,
        docsSecCmPublicKeyCredentialMacAddr,
        docsSecCmPublicKeyCredentialRowStatus,
        docsSecCmSccaServerCfgIpAddrType,
        docsSecCmSccaServerCfgIpAddr,
        docsSecCmSccaServerCfgRestApiUrl,
        docsSecCmSccaServerCfgRevocationStatusAction
    }
    STATUS      current
    DESCRIPTION
        "Group of objects implemented in the CM for SSH Key
        Management."
    ::= { docsSecMibGroups 3 }

END
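
An added example, not part of the MIB module or of the CableLabs specifications: a Python audit of values read from the CM SSH key-management objects, flagging the settings that the DESCRIPTION clauses above mark as permissive. Object names, ranges and DEFVALs are taken from the module text; the dictionary layout, the finding labels and the combination of restriction address and prefix length into one CIDR network are assumptions.

```python
import ipaddress

# DEFVALs from the module text, applied when an object was not read.
DEFVALS = {
    "docsSecCmSshServerInactivityTimeout": 1800,
    "docsSecCmCdsFileServerRevocationStatusAction": 1,   # reject(1)
    "docsSecCmSccaServerCfgRevocationStatusAction": 0,   # continue(0)
}

def password_ok(pw: bytes) -> bool:
    """SIZE (8..128) and every octet in 0x21..0x7E (no space, no controls)."""
    return 8 <= len(pw) <= 128 and all(0x21 <= b <= 0x7E for b in pw)

def source_allowed(client, restr_addr, prefix_len) -> bool:
    """Assumed semantics: address plus prefix length form one CIDR network."""
    if restr_addr is None:        # attribute not present: unrestricted access
        return True
    net = ipaddress.ip_network(f"{restr_addr}/{prefix_len}", strict=False)
    ip = ipaddress.ip_address(client)
    return ip.version == net.version and ip in net

def audit(cfg: dict) -> list:
    """Return finding labels (hypothetical names) for one CM's values."""
    v = {**DEFVALS, **cfg}
    findings = []
    if v.get("docsSecCmSshServerSshSourceAddrRestriction") is None:
        findings.append("ssh-source-unrestricted")
    elif v.get("docsSecCmSshServerSshSourcePrefixRestriction") == 0:
        findings.append("ssh-source-prefix-zero")   # /0 matches every address
    if v["docsSecCmSshServerInactivityTimeout"] == 0:
        findings.append("inactivity-timeout-implementation-specific")
    for obj in ("docsSecCmCdsFileServerRevocationStatusAction",
                "docsSecCmSccaServerCfgRevocationStatusAction"):
        if v[obj] == 0:           # continue(0): proceeds without revocation status
            findings.append(f"revocation-fail-open:{obj}")
    for idx, pw in cfg.get("docsSecCmPasswordCredentialPassword", {}).items():
        if not password_ok(pw):
            findings.append(f"password-out-of-spec:row{idx}")
    return findings

# Constructed sample: values as they might be read from one CM.
SAMPLE = {
    "docsSecCmSshServerSshSourceAddrRestriction": "2001:db8:10::",
    "docsSecCmSshServerSshSourcePrefixRestriction": 48,
    "docsSecCmSshServerInactivityTimeout": 0,
    "docsSecCmPasswordCredentialPassword": {1: b"Tr0ub4dor&3x", 2: b"has space"},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the SCCA object's DEFVAL is continue(0) while the CDS object's is reject(1), an unprovisioned CM is reported for the SCCA server only.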