STIGQter: STIG Summary: Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

The Arista Multilayer Switch must be configured so inactive router interfaces are disabled.

DISA Rule

SV-75353r1_rule

Vulnerability Number

V-60895

Group Title

SRG-NET-000019-RTR-000007

Rule Version

AMLS-L3-000140

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Remove subinterfaces and disable any inactive ports on the router via the "shutdown" command on the interface configuration mode.

Check Contents

Verify inactive interfaces on the router are disabled by executing a "show interface status" command and confirming the line "disabled" is present on any interface where the interface is inactive.

If there are any inactive interfaces enabled on the router, this is a finding.

Vulnerability Number

V-60895

Documentable

False

Rule Version

AMLS-L3-000140

Severity Override Guidance

Verify inactive interfaces on the router are disabled by executing a "show interface status" command and confirming the line "disabled" is present on any interface where the interface is inactive.

If there are any inactive interfaces enabled on the router, this is a finding.

Check Content Reference

M

Target Key

2823

Comments