DISA STIG Arista MLS EOS 4.2x NDM v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Arista MLS EOS 4.2x NDM v1r1

Updated: 8/13/2024

Authority: DISA STIG

Plugin: Arista

Revision: 1.2

Estimated Item Count: 21

File Details

Filename: DISA_Arista_MLS_EOS_4.2x_NDM_v1r1_STIG.audit

Size: 60.3 kB

MD5: bae43cc477b3c536be9fef3803a8d7f3
SHA256: 59cb38b2343e3f28dadd72cdca3702ae5aa6178c068c9945461a3b10ddb9b37b

Audit Items

Description
ARST-ND-000010 - The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.
ARST-ND-000110 - The Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.
ARST-ND-000120 - The Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.
ARST-ND-000130 - The Arista network device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.
ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity.
ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.
ARST-ND-000350 - The Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.
ARST-ND-000380 - The Arista network device must enforce a minimum 15-character password length.
ARST-ND-000470 - The Arista network device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.
ARST-ND-000490 - The Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.
ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.
ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.
ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).
ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.
ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.
ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events.
ARST-ND-000810 - The network device must be configured to use an authentication server to authenticate users prior to granting administrative access.
ARST-ND-000820 - The network device must be configured to conduct backups of system level information contained in the information system when changes occur.
ARST-ND-000840 - The Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
ARST-ND-000850 - The Arista network device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.
ARST-ND-000860 - The Arista network device must be running an operating system release that is currently supported by the vendor.