STIGQter: STIG Summary: Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

DISA Rule

SV-75273r1_rule

Vulnerability Number

V-60817

Group Title

SRG-NET-000019-RTR-000002

Rule Version

AMLS-L3-000100

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Configure the router to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

To use an IP access list to fulfill this function, enter the following commands, substituting organizational values for the bracketed variables.

ip access-list [name]
[permit/deny] [protocol] [source address] [source port] [destination address] [destination port]
exit

interface [type] [number]
ip access-group [name] [direction]

Check Contents

Verify each router enforces approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

This requirement may be met through the use of IP access control lists. To verify IP access lists are configured, execute the "show ip access-lists summary" command, and check that the list is configured and is active on applicable interfaces. To verify the lists control the flow of information in accordance with organizational policy, enter the "show ip access-list [name]" command, and review the associated permit and deny statements.

If the router does not enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy, this is a finding.

Vulnerability Number

V-60817

Documentable

False

Rule Version

AMLS-L3-000100

Severity Override Guidance

Verify each router enforces approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

This requirement may be met through the use of IP access control lists. To verify IP access lists are configured, execute the "show ip access-lists summary" command, and check that the list is configured and is active on applicable interfaces. To verify the lists control the flow of information in accordance with organizational policy, enter the "show ip access-list [name]" command, and review the associated permit and deny statements.

If the router does not enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy, this is a finding.

Check Content Reference

M

Target Key

2823

Comments