STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

Arista MLS DCS-7000 Series RTR Security Technical Implementation Guide

Version

V1R4

Benchmark ID

Arista_DCS-7000_Series_RTR_STIG

Total Checks

22

Tags

other

CAT I: 1CAT II: 21CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (22)

V-217488MEDIUMThe Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.V-217489MEDIUMThe Arista Multilayer Switch must disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.V-217490MEDIUMThe Arista Multilayer Switch must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.V-217491MEDIUMThe Arista Multilayer Switch must establish boundaries for IPv6 Admin-Local, IPv6 Site-Local, IPv6 Organization-Local scope, and IPv4 Local-Scope multicast traffic.V-217492MEDIUMThe Arista Multilayer Switch must be configured so inactive router interfaces are disabled.V-217493MEDIUMThe Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.V-217494MEDIUMIf Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway.V-217495MEDIUMThe Arista Multilayer Switch must not redistribute static routes to alternate gateway service provider into an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other Autonomous System.V-217496MEDIUMThe Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain.V-217497MEDIUMThe Arista Multilayer Switch must enforce that the managed network domain and the management network domain are separate routing domains and the Interior Gateway Protocol instances are not redistributed or advertised to each other.V-217498MEDIUMThe Arista Multilayer Switch must enforce that any interface used for out-of-band management traffic is configured to be passive for the Interior Gateway Protocol that is utilized on that management interface.V-217499MEDIUMThe Arista Multilayer Switch must be configured to disable non-essential capabilities.V-217500MEDIUMThe Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol.V-217501MEDIUMThe Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.V-217502MEDIUMThe Arista Multilayer Switch must not enable the RIP routing protocol.V-217523MEDIUMThe Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP.V-217524MEDIUMThe Arista Multilayer Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding.V-217525MEDIUMThe Arista Multilayer Switch must ensure all Exterior Border Gateway Protocol (eBGP) routers are configured to use Generalized TTL Security Mechanism (GTSM) or are configured to meet RFC3682.V-220130MEDIUMThe Arista Multilayer Switch must enforce information flow control using explicit security attributes (for example, IP addresses, port numbers, protocol, Autonomous System, or interface) on information, source, and destination objects.V-220131MEDIUMThe Arista Multilayer Switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.V-220133MEDIUMThe Arista Multilayer Switch must configure the maximum hop limit value to at least 32.V-264429HIGHThe Arista MLS RTR must be using a version supported by the vendor.