STIGQter: STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019:

The Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time.

DISA Rule

SV-75339r1_rule

Vulnerability Number

V-60881

Group Title

SRG-APP-000515-NDM-000325

Rule Version

AMLS-NM-000400

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure the network device to off-load interconnected systems in real time and off-load standalone systems weekly.

Arista EOS logs can be exported to, including by a regular syslog server.

Configuration Example:

switch(config)#logging host[ a.b.c.d]
switch(config)#logging trap informational

Check Contents

Check the network device configuration to determine if the device off-loads audit records onto a different system or media than the system being audited.

If the device does not off-load audit records onto a different system or media, this is a finding.

Review the configuration for the "logging host [a.b.c.d]" statement. Execute a "show logging" to verify logging host status.

Vulnerability Number

V-60881

Documentable

False

Rule Version

AMLS-NM-000400

Severity Override Guidance

Check the network device configuration to determine if the device off-loads audit records onto a different system or media than the system being audited.

If the device does not off-load audit records onto a different system or media, this is a finding.

Review the configuration for the "logging host [a.b.c.d]" statement. Execute a "show logging" to verify logging host status.

Check Content Reference

M

Target Key

2825

Comments