STIGQter: STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019: STIGQter: STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019:SV-75311r1_rule
V-60855
SRG-APP-000151-NDM-000248
AMLS-NM-000220
CAT II
10
Configure the network device or its associated authentication server to use multifactor authentication for local access to privileged accounts.
To configure the local device to authenticate via its authentication server, enter the following command from the configuration mode interface. Replace the bracketed value with the configured server group name or the name of the server type to validate against all configured servers of that type.
switch(config)#aaa authentication login console group [radius] local
Determine if the network device uses multifactor authentication for local access to privileged accounts. This requirement may be verified by demonstration or configuration review. This requirement may be met through use of a properly configured authentication server if the device is configured to use the authentication server.
If multifactor authentication is not used for local access to privileged accounts, this is a finding.
Review the device configuration via the "show running-config" command. The line "aaa authentication login console group [server-group] [radius/tacplus] [local]" must be present and must contain, at a minimum, the server group used for authentication, if present, or the term radius or tacplus to indicate all configured radius or tacplus servers, and the term local for local database authentication.
V-60855
False
AMLS-NM-000220
Determine if the network device uses multifactor authentication for local access to privileged accounts. This requirement may be verified by demonstration or configuration review. This requirement may be met through use of a properly configured authentication server if the device is configured to use the authentication server.
If multifactor authentication is not used for local access to privileged accounts, this is a finding.
Review the device configuration via the "show running-config" command. The line "aaa authentication login console group [server-group] [radius/tacplus] [local]" must be present and must contain, at a minimum, the server group used for authentication, if present, or the term radius or tacplus to indicate all configured radius or tacplus servers, and the term local for local database authentication.
M
2825