STIGQter: STIG Summary: Arista MLS DCS-7000 Series L2S Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 22 Apr 2016

The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.

DISA Rule

SV-75269r1_rule

Vulnerability Number

V-60813

Group Title

SRG-NET-000018

Rule Version

AMLS-L2-000100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to use spanning-tree protocol for Layer-2 connections.

The version of spanning-tree protocol as well as the VLANs upon which it is enabled must be determined according to organizational use and site policy.

For full configuration examples, refer to the Arista Configuration Manual, Chapter 20.

Check Contents

Verify the use of Spanning-Tree Protocol for information flow control via the "show spanning-tree" command.

Alternatively, from the output of the "show running-config" command, review the configuration for the "spanning-tree mode" statement, and verify the line "spanning-tree disabled" is not present for production VLANs.

If spanning-tree is not used for controlling the flow of information, this is a finding.
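The running-config half of this check can be scripted against a saved copy of the "show running-config" output. The following is an added example, not part of the STIG or of Arista's documentation. The function name, the sample configurations and the three-state result are constructed for illustration. Treating "spanning-tree mode none" as a finding is an assumption based on EOS behaviour rather than on the check text, and every "spanning-tree disabled" line is reported because the script cannot tell which VLANs are production.

```python
import re

# Statement named in the check text; the captured word is the STP version in use.
MODE_RE = re.compile(r"^spanning-tree mode\s+(\S+)")
# Line the check text says must not be present for production VLANs.
DISABLED_TEXT = "spanning-tree disabled"


def audit_spanning_tree(running_config):
    """Apply the running-config check to saved 'show running-config' text.

    Returns a dict with status 'pass', 'finding' or 'review'. 'review' means
    no mode statement was seen, so the reviewer should confirm with
    'show spanning-tree' as the check text describes.
    """
    mode, reasons = None, []
    for number, raw in enumerate(running_config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and '!' separators
            continue
        match = MODE_RE.match(line)
        if match:
            mode = match.group(1)
        if DISABLED_TEXT in line:
            reasons.append(f'line {number}: "{line}"')
    if mode == "none":
        # Assumption (not from the page): EOS mode 'none' turns STP off.
        reasons.append('"spanning-tree mode none" turns spanning tree off')
    if reasons:
        status = "finding"
    elif mode is None:
        status = "review"
    else:
        status = "pass"
    return {"status": status, "mode": mode, "reasons": reasons}


# Constructed sample configurations, not taken from a real device.
SAMPLE_OK = "hostname sw1\n!\nspanning-tree mode mstp\n!\nvlan 10\n   name USERS\n"
SAMPLE_BAD = "hostname sw2\nspanning-tree mode rapid-pvst\nspanning-tree disabled\n"
SAMPLE_NONE = "hostname sw3\nspanning-tree mode none\n"
SAMPLE_SILENT = "hostname sw4\nvlan 20\n"

if __name__ == "__main__":
    for name, cfg in [("ok", SAMPLE_OK), ("bad", SAMPLE_BAD),
                      ("none", SAMPLE_NONE), ("silent", SAMPLE_SILENT)]:
        print(name, audit_spanning_tree(cfg))
```

A "finding" result still needs the reviewer to confirm that the reported line applies to a production VLAN under site policy.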

Documentable

False

Severity Override Guidance

Verify the use of Spanning-Tree Protocol for information flow control via the "show spanning-tree" command.

Alternatively, from the output of the "show running-config" command, review the configuration for the "spanning-tree mode" statement, and verify the line "spanning-tree disabled" is not present for production VLANs.

If spanning-tree is not used for controlling the flow of information, this is a finding.

Check Content Reference

M

Target Key

2821

Comments