Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide


Overview

Date: 2019-09-30
Finding Count (31): CAT I (High): 2, CAT II (Med): 23, CAT III (Low): 6

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Public)

Finding ID Severity Title
V-60815 High The Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device.
V-60885 High The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings.
V-67197 Medium The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module.
V-60869 Medium Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.
V-60875 Medium The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system.
V-60877 Medium The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur.
V-60871 Medium Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.
V-60873 Medium The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access.
V-60879 Medium The Arista Multilayer Switch must generate audit records for all account creations, modifications, disabling, and termination events.
V-60859 Medium The Arista Multilayer Switch must reveal error messages only to authorized individuals (ISSO, ISSM, and SA).
V-60835 Medium The Arista Multilayer Switch must automatically audit account creation.
V-60837 Medium The Arista Multilayer Switch must automatically audit account modification.
V-60839 Medium The Arista Multilayer Switch must automatically audit account disabling actions.
V-60857 Medium The Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
V-60855 Medium The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.
V-60833 Medium The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters.
V-60853 Medium The Arista Multilayer Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.
V-60863 Medium The Arista Multilayer Switch must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.
V-60861 Medium The Arista Multilayer Switch must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.
V-60867 Medium The Arista Multilayer Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
V-60865 Medium The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.
V-60881 Medium The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time.
V-60883 Medium The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions.
V-60841 Medium The Arista Multilayer Switch must automatically audit account removal actions.
V-60843 Medium The Arista Multilayer Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
V-67195 Low The Arista Multilayer Switch must be updated to one of the minimum approved versions of EOS.
V-60851 Low The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.
V-60887 Low The Arista Multilayer Switch must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner.
V-60849 Low The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.
V-60845 Low The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.
V-60847 Low The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.