STIGQter: STIG Summary: Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Jul 2020:

If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway.

DISA Rule

SV-75357r1_rule

Vulnerability Number

V-60899

Group Title

SRG-NET-000019-RTR-000010

Rule Version

AMLS-L3-000160

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Configure a static route on the perimeter router to reach the AS of a router connecting to an Alternate Gateway

Ip route [destination/mask] [forwarding interface]

Check Contents

This requirement applies only to DoDIN enclaves. Review the configuration of the router connecting to the Alternate Gateway via the "show router bgp [processID]" command.

Verify there are no BGP neighbors configured to the remote AS that belongs to the Alternate Gateway service provider.

If there are BGP neighbors connecting the remote AS of the Alternate Gateway service provider, this is a finding.

Vulnerability Number

V-60899

Documentable

False

Rule Version

AMLS-L3-000160

Severity Override Guidance

This requirement applies only to DoDIN enclaves. Review the configuration of the router connecting to the Alternate Gateway via the "show router bgp [processID]" command.

Verify there are no BGP neighbors configured to the remote AS that belongs to the Alternate Gateway service provider.

If there are BGP neighbors connecting the remote AS of the Alternate Gateway service provider, this is a finding.

Check Content Reference

M

Target Key

2823

Comments