DISA STIG Arista MLS DCS-7000 Series NDM v1r4

Audit Details

Name: DISA STIG Arista MLS DCS-7000 Series NDM v1r4

Updated: 8/19/2024

Authority: DISA STIG

Plugin: Arista

Revision: 1.0

Estimated Item Count: 56

File Details

Filename: DISA_STIG_Arista_NDM_STIG_v1r4.audit

Size: 138 kB

MD5: faceecd54cf5a665deeeb1d675232350
SHA256: 4d5a990b73cee434f72f61ee4e2cbae8baeca2e74d80f5956f77ce8b2e52561f

Audit Items

DescriptionCategories
AMLS-NM-000100 - The Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device.

CONFIGURATION MANAGEMENT

AMLS-NM-000110 - The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters.

IDENTIFICATION AND AUTHENTICATION

AMLS-NM-000120 - The Arista Multilayer Switch must automatically audit account creation.

ACCESS CONTROL

AMLS-NM-000130 - The Arista Multilayer Switch must automatically audit account modification.

ACCESS CONTROL

AMLS-NM-000140 - The Arista Multilayer Switch must automatically audit account disabling actions.

ACCESS CONTROL

AMLS-NM-000150 - The Arista Multilayer Switch must automatically audit account removal actions.

ACCESS CONTROL

AMLS-NM-000160 - The Arista Multilayer Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.

ACCESS CONTROL

AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000180 - The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000190 - The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000200 - The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.

AUDIT AND ACCOUNTABILITY

AMLS-NM-000210 - The Arista Multilayer Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

AMLS-NM-000220 - The Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.

IDENTIFICATION AND AUTHENTICATION

AMLS-NM-000240 - The Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

SYSTEM AND COMMUNICATIONS PROTECTION

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 1

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000280 - The Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources - NTP Server 2

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

AMLS-NM-000290 - The Arista Multilayer Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

AUDIT AND ACCOUNTABILITY

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api http

MAINTENANCE

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - api https

MAINTENANCE

AMLS-NM-000340 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications - telnet

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api http

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - api https

MAINTENANCE

AMLS-NM-000350 - Arista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications - telnet

MAINTENANCE

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa commands

AUDIT AND ACCOUNTABILITY

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa exec

AUDIT AND ACCOUNTABILITY

AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa system

AUDIT AND ACCOUNTABILITY

AMLS-NM-000370 - The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system - all logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000370 - The Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - show logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - logging host

AUDIT AND ACCOUNTABILITY

AMLS-NM-000400 - The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time - trap logging

AUDIT AND ACCOUNTABILITY

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - logging host

CONFIGURATION MANAGEMENT

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - show user-account

CONFIGURATION MANAGEMENT

AMLS-NM-000420 - The Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions - trap logging

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all default

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all start-stop

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa console

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa dot1x default group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default start-stop

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa group server

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa login console group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa login default group

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa policy on-failure

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa policy on-success

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa system default start-stop

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - no aaa root

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - radius/tacacs-server host

CONFIGURATION MANAGEMENT

AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - show aaa sessions

CONFIGURATION MANAGEMENT