STIGQter: STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019

The Arista Multilayer Switch must activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

DISA Rule

SV-75319r1_rule

Vulnerability Number

V-60861

Group Title

SRG-APP-000268-NDM-000274

Rule Version

AMLS-NM-000260

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the network device to activate a system alert message, send an alarm, and/or automatically shut down when a component failure is detected.

SNMP is used to fulfill this function. An example SNMP configuration is provided below. To configure SNMP according to site-specific policies and procedures, refer to the Arista Configuration Guide, Chapter 37.

snmp-server engineID local
snmp-server view snmpview system included
snmp-server group ROgroup v3 priv read snmpview
snmp-server group RWgroup v3 priv write snmpview
snmp-server user disa ROgroup v3
snmp-server user disaRW RWgroup v3
snmp-server host 10.1.1.1 version 3 priv disaRW
snmp-server host 10.2.2.2 version 3 noauth disaRW
snmp-server host 10.3.3.3 version 3 noauth disaRW
snmp-server host 127.0.0.1 version 3 noauth auth
snmp-server host 172.22.29.82 version 3 noauth disaRW
snmp-server enable traps

Check Contents

Determine if the network device activates a system alert message, sends an alarm, and/or automatically shuts down when a component failure is detected. This requirement may be verified by demonstration or configuration review.

If the network device does not activate a system alert message, send an alarm, or automatically shut down when a component failure is detected, this is a finding.

This is a function of SNMP Traps. Verify the SNMP configuration is present in the output of the "show running-config" command and that SNMP is active via the "show snmp" command.
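One way to script the configuration-review half of this check, as an added example that is not part of the STIG or of Arista's tooling. It assumes the "show running-config" output has been saved as text and that host and user lines have the same form as in the Fix Recommendation; the sample config is constructed from those lines, and review_snmp_traps is a hypothetical helper name.

```python
import re

# Constructed sample of "show running-config" output, modelled on the
# example configuration in the Fix Recommendation (not captured from a device).
SAMPLE_CONFIG = """\
snmp-server view snmpview system included
snmp-server group RWgroup v3 priv write snmpview
snmp-server user disaRW RWgroup v3
snmp-server host 10.1.1.1 version 3 priv disaRW
snmp-server host 10.2.2.2 version 3 noauth disaRW
snmp-server host 127.0.0.1 version 3 noauth auth
snmp-server enable traps
"""

# Assumption: host and user lines appear in the same form as on this page.
HOST_RE = re.compile(r"^snmp-server host (\S+) version 3 (noauth|auth|priv) (\S+)")
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3\b")


def review_snmp_traps(running_config):
    """Review saved running-config text for SNMP trap settings (hypothetical helper)."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    users = {m.group(1) for ln in lines if (m := USER_RE.match(ln))}
    hosts = [m.groups() for ln in lines if (m := HOST_RE.match(ln))]
    # A "no snmp-server enable traps" line does not start with the keyword.
    traps_enabled = any(ln.startswith("snmp-server enable traps") for ln in lines)

    findings = []  # conditions under which the check text cannot be satisfied
    if not traps_enabled:
        findings.append("traps are not enabled (no 'snmp-server enable traps')")
    if not hosts:
        findings.append("no trap receiver configured (no 'snmp-server host')")

    notes = []  # items for the reviewer to confirm against site policy
    for addr, level, user in hosts:
        if user not in users:
            notes.append(f"{addr}: user '{user}' has no 'snmp-server user' line")
        notes.append(f"{addr}: SNMPv3 security level {level}")
    return {"hosts": hosts, "traps_enabled": traps_enabled,
            "findings": findings, "notes": notes}


if __name__ == "__main__":
    result = review_snmp_traps(SAMPLE_CONFIG)
    for kind in ("findings", "notes"):
        for item in result[kind]:
            print(f"{kind[:-1]}: {item}")
```

This covers only the "show running-config" review; whether SNMP is active still has to be confirmed on the device with "show snmp".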

Documentable

False

Check Content Reference

M

Target Key

2825
