STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide

Version

V1R4

Benchmark ID

Arista_DCS-7000_Series_NDM_STIG

Total Checks

28

Tags

other

CAT I: 3CAT II: 19CAT III: 6

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (28)

V-217354HIGHThe Arista Multilayer Switch must have a local infrequently used account to be used as an account of last resort with full access to the network device.V-217355MEDIUMThe Arista Multilayer Switch account of last resort must have a password with a length of 15 characters.V-217356MEDIUMThe Arista Multilayer Switch must automatically audit account creation.V-217357MEDIUMThe Arista Multilayer Switch must automatically audit account modification.V-217358MEDIUMThe Arista Multilayer Switch must automatically audit account disabling actions.V-217359MEDIUMThe Arista Multilayer Switch must automatically audit account removal actions.V-217360MEDIUMThe Arista Multilayer Switch must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.V-217361LOWThe Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.V-217362LOWThe Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur.V-217363LOWThe Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.V-217364LOWThe Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands.V-217365MEDIUMThe Arista Multilayer Switch must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.V-217366MEDIUMThe Arista Multilayer Switch must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.V-217367MEDIUMThe Arista Multilayer Switch must be configured to synchronize internal information system clocks with the primary and secondary time sources located in different geographic regions using redundant authoritative time sources.V-217368MEDIUMThe Arista Multilayer Switch must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).V-217369MEDIUMArista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the integrity of nonlocal maintenance and diagnostic communications.V-217370MEDIUMArista Multilayer Switches used for nonlocal maintenance sessions must implement cryptographic mechanisms to protect the confidentiality of nonlocal maintenance and diagnostic communications.V-217371MEDIUMThe Arista Multilayer Switch must generate audit records for privileged activities or other system-level access.V-217372MEDIUMThe Arista Multilayer Switch must generate audit records showing starting and ending time for administrator access to the system.V-217373MEDIUMThe Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur.V-217374MEDIUMThe Arista Multilayer Switch must, at a minimum, off-load audit records for interconnected systems in real time.V-217375MEDIUMThe Arista Multilayer Switch must protect the audit records of nonlocal accesses to privileged accounts and the execution of privileged functions.V-217376HIGHThe Arista Multilayer Switch must employ AAA service to centrally manage authentication settings.V-217377LOWThe Arista Multilayer Switch must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner.V-217378LOWThe Arista Multilayer Switch must be updated to one of the minimum approved versions of EOS.V-217379MEDIUMThe Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module.V-264428HIGHThe Arista MLS NDM must be using a version supported by the vendor.V-265635MEDIUMThe Arista Multilayer Switch must use multifactor authentication for local access to privileged accounts.