DISA STIG Arista MLS DCS-7000 Series NDM v1r3

Audit Details

Name: DISA STIG Arista MLS DCS-7000 Series NDM v1r3

Updated: 3/7/2023

Authority: DISA STIG

Plugin: Arista

Revision: 1.8

Estimated Item Count: 60

File Details

Filename: DISA_STIG_Arista_NDM_STIG_v1r3.audit

Size: 144 kB

MD5: 8112d9b571eee2e83b5fd3ec09411392
SHA256: b199b248a4a85f9f037114b370fe3f35304d11318c18b12b2f41b260c32587b9

Audit Items

Description

Categories
AMLS-NM-000100 - The Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device.

CONFIGURATION MANAGEMENT

AMLS-NM-000110 - The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters.

IDENTIFICATION AND AUTHENTICATION

AMLS-NM-000120 - The Arista Multilayer Switch must automatically audit account creation.

ACCESS CONTROL

AMLS-NM-000130 - The Arista Multilayer Switch must automatically audit account modification.

ACCESS CONTROL

AMLS-NM-000140 - The Arista Multilayer Switch must automatically audit account disabling actions.

ACCESS CONTROL

AMLS-NM-000150 - The Arista Multilayer Switch must automatically audit account removal actions.

ACCESS CONTROL

AMLS-NM-000160 - The Arista Multilayer Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

ACCESS CONTROL

AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000180 - The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000190 - The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000200 - The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000210 - The Arista Multilayer Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

AMLS-NM-000220 - The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.

IDENTIFICATION AND AUTHENTICATION

AMLS-NM-000240 - The Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

SYSTEM AND COMMUNICATIONS PROTECTION

AMLS-NM-000250 - The Arista Multilayer Switch must reveal error messages only to authorized individuals (ISSO, ISSM, and SA) - ISSO, ISSM, and SA.

SYSTEM AND INFORMATION INTEGRITY

AMLS-NM-000260 - The Arista Multilayer Switch must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

AMLS-NM-000270 - The Arista Multilayer Switch must synchronize internal information system clocks to the authoritative time source when the time difference is greater than the organization-defined time period.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 1

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 2

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000290 - The Arista Multilayer Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

AUDIT AND ACCOUNTABILITY

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api http

MAINTENANCE

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https

MAINTENANCE

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - telnet

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api http

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api https

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - telnet

MAINTENANCE

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa commands

AUDIT AND ACCOUNTABILITY

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa exec

AUDIT AND ACCOUNTABILITY

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa system

AUDIT AND ACCOUNTABILITY

AMLS-NM-000370 - The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system - all logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000370 - The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - show logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000390 - The Arista Multilayer Switch must generate audit records for all account creations, modifications, disabling, and termination events - show logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000390 - The Arista Multilayer Switch must generate audit records for all account creations, modifications, disabling, and termination events - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host

AUDIT AND ACCOUNTABILITY

AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - logging host

CONFIGURATION MANAGEMENT

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - show user-account

CONFIGURATION MANAGEMENT

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - trap logging

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all default

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all start-stop

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa console

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa dot1x default group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default start-stop

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa group server

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa login console group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa login default group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa policy on-failure

CONFIGURATION MANAGEMENT