The Arista network device must be configured to capture all DOD auditable events.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-255962	ARST-ND-000790	SV-255962r882228_rule		Medium

Description
Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. Satisfies: SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000516-NDM-000334, SRG-APP-000357-NDM-000293, SRG-APP-000360-NDM-000295, SRG-APP-000505-NDM-000322

Description

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis. Satisfies: SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000516-NDM-000334, SRG-APP-000357-NDM-000293, SRG-APP-000360-NDM-000295, SRG-APP-000505-NDM-000322

STIG	Date
Arista MLS EOS 4.2x NDM Security Technical Implementation Guide	2023-01-11

Details

Check Text ( C-59638r882226_chk )
Verify the Arista network device is configured to audit all DOD auditable events. Verify the logging settings in the configuration file with the following example: switch#sh running-config \| section logging logging buffered informational logging trap informational NOTE: Acceptable settings include debugging, informational, and notifications to adjust syslog server traffic impact. Setting to higher severity levels can cause necessary lower-level events to be missed. If the Arista network device is not configured to audit all DOD auditable events, this is a finding.

Check Text ( C-59638r882226_chk )

Verify the Arista network device is configured to audit all DOD auditable events.

Verify the logging settings in the configuration file with the following example:

switch#sh running-config | section logging

logging buffered informational
logging trap informational

NOTE: Acceptable settings include debugging, informational, and notifications to adjust syslog server traffic impact. Setting to higher severity levels can cause necessary lower-level events to be missed.

If the Arista network device is not configured to audit all DOD auditable events, this is a finding.

Fix Text (F-59581r882227_fix)
Configure a logging level sufficient to capture all DOD auditable events. switch(config)#logging buffered informational switch(config)#logging trap informational NOTE: Acceptable settings include debugging, informational, and notifications to adjust syslog server traffic impact. Setting to higher severity levels can cause necessary lower-level events to be missed.