STIG Summary: Arista MLS DCS-7000 Series NDM Security Technical Implementation Guide, Version: 1, Release: 3, Benchmark Date: 25 Oct 2019

The Arista Multilayer Switch must use FIPS-compliant mechanisms for authentication to a cryptographic module.

DISA Rule

SV-81687r1_rule

Vulnerability Number

V-67197

Group Title

SRG-APP-000179-NDM-000265

Rule Version

AMLS-NM-200825

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enable FIPS restrictions via the following commands:
enable
configure
management ssh
fips restrictions
exit

Additionally, the switch should be configured to use its Hardware Random Number Generator as a source of entropy for the SSH protocol. To enable this, configure:

enable
configure
management security
entropy source hardware

Once this has been changed, regenerate the SSH RSA Keys with:

reset ssh hostkey rsa

Check Contents

Review the device configuration via the “show running-config” command for the following statement:

management ssh
fips restrictions

If this statement is not present, this is a finding.
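
The check above can be automated against a saved copy of the "show running-config" output. The following is an added example, not part of the STIG or of Arista's tooling. It assumes child commands are indented beneath their parent and that "!" lines are separators. The sample configurations are constructed, and the entropy setting is reported only as supplementary information, since the check itself requires only "fips restrictions".

```python
import re

def normalize(s):
    # Collapse whitespace and case so formatting differences do not matter.
    return re.sub(r"\s+", " ", s.strip()).lower()

def parse_sections(config_text):
    """Map each top-level command to the commands directly beneath it."""
    sections, current, child_indent = {}, None, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # blank lines, '!' separators and '!' comments
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            current, child_indent = normalize(line), None
            sections.setdefault(current, [])
        elif current is not None:
            if child_indent is None:
                child_indent = indent
            if indent == child_indent:  # direct children only
                sections[current].append(normalize(line))
    return sections

def audit(config_text):
    """Evaluate the V-67197 check; 'finding' is True when it fails."""
    s = parse_sections(config_text)
    fips = "fips restrictions" in s.get("management ssh", [])
    entropy = "entropy source hardware" in s.get("management security", [])
    return {"finding": not fips,
            "fips_restrictions": fips,
            "entropy_source_hardware": entropy}

# Constructed sample inputs (not taken from a real device).
COMPLIANT = """hostname sw1
!
management ssh
   idle-timeout 10
   fips restrictions
!
management security
   entropy source hardware
!
"""
NONCOMPLIANT = """! fips restrictions pending change request
management ssh
   idle-timeout 10
   no fips restrictions
!
"""

if __name__ == "__main__":
    print(audit(COMPLIANT))
    print(audit(NONCOMPLIANT))
```

A plain text search for "fips restrictions" would pass the second sample; matching the exact statement under "management ssh" avoids that false pass.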

Documentable

False

Severity Override Guidance

Review the device configuration via the “show running-config” command for the following statement:

management ssh
fips restrictions

If this statement is not present, this is a finding.

Check Content Reference

M

Target Key

2825

Comments