Check: AMLS-L3-000100
Arista MLS DCS-7000 Series RTR STIG:
AMLS-L3-000100
(in versions v1 r3 through v1 r2)
Title
The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. (Cat II impact)
Discussion
Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so it does not introduce any unacceptable risk to the network infrastructure or data. An example of a flow control restriction is blocking outside traffic claiming to be from within the organization. For most routers, internal information flow control is a product of system design.
Check Content
Verify each router enforces approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. This requirement may be met through the use of IP access control lists. To verify IP access lists are configured, execute the "show ip access-lists summary" command, and check that the list is configured and is active on applicable interfaces. To verify the lists control the flow of information in accordance with organizational policy, enter the "show ip access-list [name]" command, and review the associated permit and deny statements. If the router does not enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy, this is a finding.
Fix Text
Configure the router to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. To use an IP access list to fulfill this function, enter the following commands, substituting organizational values for the bracketed variables. ip access-list [name] [permit/deny] [protocol] [source address] [source port] [destination address] [destination port] exit interface [type] [number] ip access-group [name] [direction]
Additional Identifiers
Rule ID: SV-75273r1_rule
Vulnerability ID: V-60817
Group Title: SRG-NET-000019-RTR-000002
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001414 |
The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 |
Information Flow Enforcement |