STIGQter: STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 25 Oct 2019:

The Arista Multilayer Switch must produce audit log records containing sufficient information to establish what type of event occurred.

DISA Rule

SV-75305r1_rule

Vulnerability Number

V-60849

Group Title

SRG-APP-000095-NDM-000225

Rule Version

AMLS-NM-000190

Severity

CAT III

CCI(s)

• CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

10

Fix Recommendation

Enable logging on the switch with sufficient detail to establish what type of event occurred.

To configure logging to a remote syslog server at the informational level, enter:

switch#config
switch(config)#logging host [ip address]
switch(config)#logging trap informational

Check Contents

Review the device configuration and verify that logging is enabled with sufficient detail to establish what type of event occurred.

If logging is not enabled or does not provide sufficient detail, this is a finding.

To determine if logging is enabled, enter:

switch#show logging

The output must show logging as enabled, with a logging level of informational or debugging.

Vulnerability Number

V-60849

Documentable

False

Rule Version

AMLS-NM-000190

Severity Override Guidance

Review the device configuration and verify that logging is enabled with sufficient detail to establish what type of event occurred.

If logging is not enabled or does not provide sufficient detail, this is a finding.

To determine if logging is enabled, enter:

switch#show logging

The output must show logging as enabled, with a logging level of informational or debugging.

Check Content Reference

M

Target Key

2825

Comments