STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to STIGs

Arista MLS EOS 4.X NDM Security Technical Implementation Guide

Version

V2R2

Benchmark ID

Arista_MLS_EOS_4-2x_NDM_STIG

Total Checks

21

Tags

other
CAT I: 8CAT II: 13CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSON

Checks (21)

V-255947MEDIUMThe Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type.V-255948MEDIUMThe Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.V-255949MEDIUMThe Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes.V-255950MEDIUMThe Arista network device must display the Standard Mandatory DOD Notice and Consent Banner before granting access to the device.V-255951MEDIUMThe Arista network device must be configured to audit all administrator activity.V-255952HIGHThe Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.V-255953MEDIUMThe Arista network device must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.V-255954MEDIUMThe Arista network device must enforce a minimum 15-character password length.V-255955HIGHThe Arista network device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.V-255956HIGHThe Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.V-255957MEDIUMIf the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.V-255958MEDIUMThe Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources.V-255959MEDIUMThe Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).V-255960HIGHThe Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.V-255961HIGHThe Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions.V-255962MEDIUMThe Arista network device must be configured to capture all DOD auditable events.V-255963HIGHThe network device must be configured to use an authentication server to authenticate users prior to granting administrative access.V-255964MEDIUMThe network device must be configured to conduct backups of system level information contained in the information system when changes occur.V-255965MEDIUMThe Arista network device must obtain its public key certificates from an appropriate certificate policy through an approved service provider.V-255966HIGHThe Arista network Arista device must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the ISSO.V-255967HIGHThe Arista network device must be running an operating system release that is currently supported by the vendor.