| ARST-ND-000010 - The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | ACCESS CONTROL |
| ARST-ND-000110 - The Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies. | ACCESS CONTROL |
| ARST-ND-000120 - The Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes. | ACCESS CONTROL |
| ARST-ND-000130 - The Arista network device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device. | ACCESS CONTROL |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | CONFIGURATION MANAGEMENT |
| ARST-ND-000350 - The Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000380 - The Arista network device must enforce a minimum 15-character password length. | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000470 - The Arista network device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000490 - The Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. | MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects. | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources. | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | MAINTENANCE |
| ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events. | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access. | CONFIGURATION MANAGEMENT |
| ARST-ND-000820 - The network device must be configured to conduct backups of system level information contained in the information system when changes occur. | CONTINGENCY PLANNING |
| ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider. | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000850 - The Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO. | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000860 - The Arista network device must be running an operating system release that is currently supported by the vendor. | CONFIGURATION MANAGEMENT |
