Federal Security & Compliance
Compliance Certifications & Programs
Arista compliance certifications and government security programs provide assurance that Arista platforms meet strict regulatory, cryptographic, and operational requirements for enterprise and public sector deployments.
FIPS 140
Federal Information Processing Standard (FIPS) 140 validates cryptographic modules used by Arista platforms to protect sensitive but unclassified information in accordance with U.S. government requirements.
IPv6 Ready
IPv6 Ready certification demonstrates conformance and interoperability of Arista EOS implementations with IPv6 standards to ensure seamless global IPv6 deployment.
USGv6
USGv6 validates IPv6 capabilities for U.S. Government deployments, ensuring compliance with OMB and NIST mandates for IPv6 adoption across federal agencies.
DoDIN APL
Department of Defense Information Network (DoDIN) Approved Products List (APL) certification confirms that Arista products meet DISA cybersecurity and interoperability requirements.
Common Criteria
Common Criteria (CC) certification independently validates Arista network platforms against internationally recognized security functional and assurance requirements.
Commercial Solutions for Classified (CSfC)
CSfC enables the use of layered commercial encryption technologies to protect classified national security systems, providing rapid, cost-effective secure architectures approved by the NSA.
Programs & Certifications
FIPS 140 Certifications
Current and historical FIPS 140 certifications for Arista platforms.
| Status | Certificate # | Product / Module | Standard |
|---|---|---|---|
| Active | 5162 | Arista Crypto Module Lvl2[Software, Software IPsec | FIPS 140-3 |
| Active | 5001 | Crypto Module v4.0 | FIPS 140-3 |
| Active | 4791 | Arista Crypto Module v3.0 [Software, Software IPsec, Web Portal] | FIPS 140-3 |
| Active | 4790 | Arista Crypto Module v3.0 [Software, Software IPsec] | FIPS 140-3 |
| Active | 4592 | Arista EOS Crypto Module v2.01 | FIPS 140-2 |
| Active | 4019 | Arista EOS crypto Module v2.0 | FIPS 140-2 |
| Active | MIP | MACsec data plane accelerator [PHY] | FIPS 140-3 |
| Active | MIP | MACsec data plane accelerator [on-chip] | FIPS 140-3 |
| Active | MIP | Crypto Module Lvl2 v1.0 [Software, Software IPsec] | FIPS 140-3 |
| Active | MIP | WiFi Access Points | FIPS 140-3 |
| Active | IUT | MACsec data plane accelerator [on-chip-driver] | FIPS 140-3 |
| Historical | 3429 | EOS MACsec Alpha Hybrid Module | FIPS 140-2 |
| Historical | 3420 | EOS MACsec Bravo Hybrid Module | FIPS 140-2 |
IPv6 Ready Certifications
IPv6 Ready logo program certifications for Arista EOS platforms.
| Status | Certificate # | Product-Class | Test-Category | Description |
|---|---|---|---|---|
| Active | 2244 | Router | Core Protocols | DCS-7280,DCS-7500,DCS-7800 Platforms |
| Active | 2617 | Router | Core Protocols | DCS-7010,DCS-7050,DCS-7060,DCS-7300 Platforms |
| Active | 2928 | Router | Core Protocols | DAWE-5000,AWE-7200 Platforms |
USGv6 Certifications
U.S. Government IPv6 (USGv6) certifications.
Please see the Arista USGv6 registered products
DoDIN APL Listings
Approved Product Listings for Department of Defense networks.
| Status | APL TN | Platform |
|---|---|---|
| Active | TN-2106801 | CCS-700 Series |
| Active | TN-2226601 | DCS-7800R3 Series |
| Active | TN-2230601 | DCS-7280R3, DCS-7500R3 Series |
| Active | TN-2231202 | DCS-7050X, DCS-7060X Series |
| Active | TN-2234701 | DCS-7020R, DCS-7010TX Series |
| Active | TN-2235701 | DCS-7300X Series |
| Active | TN-2433801 | AWE-7200R Series |
Common Criteria Certifications
Active and historical Common Criteria certifications.
| Status | Certificate | Target of Evaluation | Protection Profile |
|---|---|---|---|
| In Process | TBD | EOS MACsec Switches | NDcPP v3.0e & MACsec v1.0 |
| In Process | TBD | AWE Platforms / CloudEOS | NDcPP v3.0e & VPNGW v1.3 |
| In Process | TBD | CVP, DCA & WiFi | NDcPP v3.0e & WLAN AS 1.0 |
| In Process | TBD | EOS Switches | NDcPP v3.0e |
| Historical | 11356 | EOS 4.28 DCS-7280 | NDcPP v2.2e |
| Historical | 383-4-483 | EOS 4.22.1FX-CC | NDcPP v2.1 |
| Historical | 10523 | EOS 4.12, DCS-7150 | NDcPP v1.1 |
| Historical | 10559 | EOS 4.13, 7050X,7250X,7300X,7500E | NDcPP v1.1 |
Commercial Solutions for Classified (CSfC)
CSfC enables commercial technologies to be used in layered solutions that protect classified information. Arista platforms participate in CSfC solutions as part of NSA-approved architectures.
| Status | Component List |
|---|---|
| In Process | WLAN Access System |
| In Process | IPSEC VPN Gateway |
| In Process | MACSEC Ethernet Encryption |
Please visit the following website. CSfC Components List
7135V Series - Literature
Data Sheets
- .7135V Datasheet
- .7135LB Datasheet
- .7132LB Datasheet
- .7130 Connect S Series
- .7130LBR Datasheet
- .7130LS Series
- .7130E Series
- .7135V Latency Heat Map
Product Overview
Product Briefs
- .MetaWatch Product Brief
- .MetaMux Product Brief
- .MetaProtect Product Brief
- .ExchangeApp Product Brief
- .MultiAccess Product Brief
- .SwitchApp Product Brief
- .Developer Product Brief
White Papers
- .Layman’s Guide to Layer 1 Switching
- .5 Questions to ask before buying a Layer 1 switch
- .Measuring the latency of a 4ns switch
- .Determinism is the new latency
- .Copper is Faster than fiber
- .An Overview of Arista Ethernet Capture Timestamps
- .5 Ways to Optimise exchange connectivity latency
- .5 Things to Consider When Choosing an FPGA platform
- .Measuring the Absolute Accuracy of 10GbE Packet Timestamping
- .Four key trends in the networked use of FPGAs
- .FPGA Platforms: Why the Arista 7130 is best of breed
- .Network Traffic Capture & Aggregation: Why buffer size is crucial
- .Improving MetaWatch’s timestamp accuracy with clock modules
- .STAC-TS™ BENCHMARKS - Accuracy of network timestamping and burst capacity of capture
Case Study
- .Case Study: Electronic trading firm gains ultra-low latency exchange connectivity with Arista
- .Case Study: Deutsche Börse Group monitors every trade with Arista
- .Case Study: Enyx chooses Arista to accelerate ultra-low latency solutions for major financial Service Providers
Video
7135V Series - Overview
7135V Series
7135V series devices, optimized for 25 gigabit Ethernet, brings back the single-chip layer 1 crosspoint matrix switch, and for the first time in several generations of 7130, introduces a new FPGA, offering 52 low latency GTYP, 25GbE-enabled transceivers, 16 GTM transceivers, along with 16GB of high bandwidth memory. We will use these new FPGA features to support new low latency use cases.
The 7135V supports the full complement of FPGA applications that Arista produces, including MetaWatch, SwitchApp, MetaMux, and MultiAccess, all now supporting 25 gigabit Ethernet use cases!
Available in the 1RU form factor with 48 x SFP28 ports and 4 x QSFP ports 7135V is multiple devices in one; performing layer 1+ switching in only 5ns at 25G speed, enabling customers to upgrade their network with no impact to the latency.
The Arista 7135V Series supports the BVL development standard, is optimized for Arista's network applications, and can be leveraged to run 3rd party partner applications. FPGA application developers can utilize the platform to deploy and deliver their performance critical apps. On top of the market-leading FPGA functionality, the devices combine a multitude of Layer 1+ network functionality on to the same devices:
- Signal regeneration
- Port mirroring
- Dynamic patching/link management
- Ad-hoc tapping without rewiring
- Media conversion
- Telemetry and more
These devices provide Layer 1+ configurable features such as dynamic patching, tapping, one-to-many replication, media conversion, packet stats and precise timestamping. They also include the following functionality:
- 5ns layer 1 switching between front panel ports
- Development toolkits and low-latency IP Cores
Robust Switches with Comprehensive Feature Sets
| Feature | Description |
|---|---|
| Simplified stack | Fan-out with 5ns of latency, equivalent to a single metre of fiber or copper interconnect, and insignificant jitter. |
| Integrated with existing FPGA tools | Reduce costs by converting between different Ethernet media types e.g. one end of a link can be twinax and the other 10GBASE-LR single-mode fiber. |
| Layer 1+ functionality | Save rack space and reduce complexity by leveraging dynamic patching, tapping, one-to-many replication, telemetry and comprehensive port statistics on a single device. |
| Feature-rich | Avoid the need to build features in-house by leveraging Arista’s access control, syslog, SNMP, packet stats, tcpdump, JSON RPC API, time series data, streaming telemetry and more - included as standard within the 7130 Series. |
| Easy app deployment | Streamline operational processes through Arista’s built-in application infrastructure which allows developers to wrap applications into simple packages for deployment. |
| Enterprise ready | Deploy FPGA applications with ease - the FPGA platform integrates with a 64-bit x86 management processor and the Arista Extensible Operating System (EOS) to provide user extensible solutions. |
| Ultra-low latency | Fan-out with 5ns of latency, equivalent to a single metre of fiber or copper interconnect, and aggregate in 39ns. |
7135V Series Devices
| 7135V Series Devices | ||||||
|---|---|---|---|---|---|---|
| Model | System Configuration Components | FPGA Board Standard | Front Panel Ports | RU | PPS IN/OUT | CPU |
| 48Y-4QC | Layer 1 Crosspoint and AMD Versal™ HBM Series VH1542 FPGA | BVL | 48 x SFP28 and 4 x QSFP28 | 1RU | 1/1 | Eight-Core x86 |
7060XE7 Series - Literature
7060XE7 Series Literature
Whitepapers
Blog Posts
Videos
7060XE7 Series - Specifications
7060XE7 Specifications
| 7060XE7 -64PS |
7060XE7 -64PRS |
7060XE7 -64PRS-RV3-L |
7060XE7 -128PE |
|
|---|---|---|---|---|
| Ports Description | 64x 1600G OSFP-IHS 1x 100G QSFP28 | 64x 1600G OSFP-RHS 1x 100G QSFP28 | 64x 1600G OSFP-RHS 1x 100G QSFP28 | 128x 800G OSFP-IHS 1x 100G QSFP28 |
| Maximum 1.6T Ports | 64 | 64 | 64 | – |
| Maximum 800G Ports | 128 | 128 | 128 | 128 |
| Maximum 400G Ports | 256 | 256 | 256 | 256 |
| Maximum 200G Ports | 512 | 512 | 512 | 512 |
| Maximum 100G Ports | – | – | – | 512 |
| Height | 4RU | 4RU | 2OU | 4RU |
| Cooling | Front-to-rear Air-cooled |
Front-to-rear Air-cooled |
100% Liquid-cooled | Front-to-rear Air-cooled |
| AC PSU | Yes | Yes | – | Yes |
| DC PSU | Yes | Yes | Yes | Yes |
| Buffer | 267 MB | 267 MB | 267 MB | 267 MB |
| Throughput | 102.4 (204.8) Tbps | 102.4 (204.8) Tbps | 102.4 (204.8) Tbps | 102.4 (204.8) Tbps |
| Memory | 32 Gigabytes | 32 Gigabytes | 32 Gigabytes | 32 Gigabytes |
| Storage | 480 Gigabytes | 480 Gigabytes | 480 Gigabytes | 480 Gigabytes |
| Latency | From 840 ns | From 840 ns | From 840 ns | From 840 ns |
7060XE7 Series - Overview
The Arista 7060XE7 portfolio of switches represents the next step in the evolution of the networking infrastructure.
Delivering 102.4 Tbps of bandwidth per system, the Arista 7060XE7 series offers high density and wide radix in compact form factors, that serve as the building blocks for the most demanding next generation network architectures. These platforms ensure a smooth transition from 800G to 1.6T capabilities per port, delivering reliability and robustness, with the familiarity of Arista EOS®.
Delivering unparalleled efficiency and flexibility, the Arista 7060XE7 Series will also introduce 100% liquid-cooled options, to fit seamlessly into the most cutting-edge networking deployments.
Arista 7060XE7 Series Introduction
As AI clusters evolve, the network connectivity required for connecting the XPUs together has also evolved. As different architectures like scale-up, scale-out and scale-across become commonly deployed, the network fabric required for interconnectivity is more important than ever before.
The bandwidth, speeds and feeds, and software enhancements required to ensure a lossless and congestion-free network are some of the primary factors that are driving the adoption of the next generation AI networks. Architectures optimized for flexibility are now giving way to systems optimized for performance at scale, and the Arista 7060XE7 Series is at the forefront of this evolution.
710HXP - Specifications
Specifications:
710HXP-28TXH-4S |
710HXP-20TNH-4S |
|
|---|---|---|
| Ports | 24x1G RJ45, 4x 10mG 4x 1/10G SFP |
16x1G RJ45, 4x 5mG 4x 1/10G SFP |
| 10M-1G UTP (30W) | 16 | |
| 10M-1G UTP (60W) | 24 | |
| mGig UTP (90W) | 4x 10mG | 4x 5mG |
| 10G SFP+ | 4 | 4 |
| Throughput (FDX) | 208 Gbps | 144 Gbps |
| Packets/Second | 95 Mpps | 95 Mpps |
| Latency (RJ-45) | 1.8 microseconds | |
| CPU | Quad Core ARM | |
| System Memory | 8 GB | |
| System Flash | 20 GB | |
| Packet Buffer | 1.5 MB | |
| USB Ports | 1 | 1 |
| Console Ports | 1 | 1 |
| Power (Max, excluding PoE) | 80W | 80W |
| Power Input | 2x 400W AC (internal) | 480W AC (external) or 290W DC (external) |
710XP Scaling capabilities
| Ingress / Egress ACLs | 1K / 512 |
| MAC addresses | 16K |
| IPv4/v6 Hosts | 8K / 4K |
| IPv4/v6 Routes | 2K / 512 |
| ECMP | 64-way |
| IGMP Groups | 1024 |
710HXP - Overview
Arista 710HXP Series Compact Cognitive Campus Ruggedized POE Leaf Switches
Designed to extend the Cognitive Campus network into an industrial network infrastructure where extended temperature and vibration proof working conditions are required. These switches are also rated for the IP30 that offers protection against 2.5 mm particles entering inside the switch. With multiple mounting options, the CCS-710HXP series of switches are well suited for any deployment where sound and space are as equally important as reliable network operations.
Arista’s cornerstone EOS® combines cognitive campus network features and state of the art merchant silicon to deliver critical services that automate deployment, configuration, visibility troubleshooting and security. The Arista cognitive campus architecture encompasses spline, leaf and wireless infrastructure platforms, telemetry and analytics, and a single image EOS that supports an expanding feature set and partner ecosystem of solutions.
Arista 710HXP Advantages
- Ability to work in operating temperature range of -40C to 75C
- Ability to withstand vibrations and shocks
- IP30 support
- Options for 10M to 1G/mGig PoE copper downlinks and 10G SFP/SFP+ uplinks
- 30W, 60W & 90W PoE
- DIN Rail, Wall and rack mount options
- Industry standard 802.1Q and VXLAN/EVPN segmentation
- Cognitive real time telemetry and visibility with CloudVision and sFlow
- Cognitive, cloud grade reliability, in service maintenance and upgrades
- EOS programmability and cognitive management plane monitoring APIs
Arista EOS delivers cloud grade QoS, security, and reliability that are required for campus networks.
The cognitive management plane, native in EOS, provides real time telemetry to capture key performance metrics of infrastructure, device, application and user data for SLA monitoring and troubleshooting.
Support various user, IoT and uplink connections:
- 10M/100M/1G/mGig interfaces with up to 90W 802.3bt
- SFP+ modules supporting 1 and 10G
- Wire speed architecture with up to 208 Gbps of throughput
- Fanless with DIN rail, wall, and rack mount options
Arista EOS
- Common OS for all Arista platforms
- Field proven reliability
- Fault Isolating, Self healing
- In service updates
- Smart System Upgrades
- Extensive APIs
Campus optimized reliability and efficiency
- Fanless for quiet spaces
- Persistent POE on reboot
- Priority power assignment
Cognitive Management Plane
- Real time telemetry
- CVP and SFlow APIs
- Inventorying and threat assessment capabilities
- Application support from third parties
CloudVision Portal Life Cycle Policy - Wi-Fi AP Software
Revisions for CV-CUE release process
The following table depicts the latest supported Access Point (AP) release for each CVP release. Refer Wi-Fi Access Point Software Life Cycle Policy for AP Software Life Cycle Policy.
|
CVP Release |
Current Status |
Initial Release Date |
End of Support* |
Supported Wi-Fi AP release up to and including |
|---|---|---|---|---|
|
2026.1 |
Active Development |
30-Mar-2026 |
30-Mar-2028 |
21.1.x |
|
2025.3 |
Support Only |
13-Oct-2025 |
13-Oct-2027 |
20.x |
|
2025.2 |
Support Only |
04-Jul-2025 |
04-Jul-2027 |
19.x |
|
2025.1 |
Support Only |
31-Mar-2025 |
31-Mar-2027 |
18.x |
|
2024.2 |
Support Only |
24-Jul-2024 |
24-Jul-2026 |
16.1.x |
*CVP releases will always support AP platforms in accordance with the AP platform’s announced EOL policy.
CloudVision Life Cycle Policy - CV-CUE Software
CV-CUE Software Life Cycle
The CV-CUE solution features the Arista Wi-Fi management software for cloud and on-premises deployments. This policy is applicable to on-premises deployments.
The Software Release Policy and Lifecycle defines the various phases of development and support to guide customers in transitioning to newer versions of the product based on the milestones in the lifecycle. Arista Networks will support each major software release train of CV-CUE on-premises up to 24 months from the general availability date for a particular train. The following diagram depicts the release phases and the Arista TAC support mapping across this timeline.
- Major release with new features and functionality
- Active maintenance releases for bug fixes as needed
- TAC support available
- Ongoing TAC support
- Software upgrade required for bug fixes
The following table depicts the CV-CUE on-premises release support matrix, including the timelines for each major software train (based on the 24 month life cycle policy) and includes the current state of support for each train. The CV-CUE software release is effectively integrated within the CVP release train and remains aligned with the CVP release process. Refer Access Point Software Support for supported AP releases.
|
CVP Release |
Current Status |
Initial Release Date |
End of Support* |
|---|---|---|---|
|
2026.1 |
Active Development |
30-Mar-2026 |
30-Mar-2028 |
|
2025.3 |
Support Only |
13-Oct-2025 |
13-Oct-2027 |
|
2025.2 |
Support Only |
4-Jul-2025 |
4-Jul-2027 |
|
2025.1 |
Support Only |
31-March-2025 |
31-March-2027 |
|
2024.2 |
Support Only |
24-Jul-2024 |
24-Jul-2026 |
*CVP releases will always support AP platforms in accordance with the AP platform’s announced EOL policy.
Wi-Fi Access Point Software Life Cycle Policy
Wi-Fi Access Point Software Life Cycle Policy
Arista Networks' Access Point (AP) Software Release Policy and Life Cycle guidelines help customers and partners facilitate Access Point upgrades and plan multi-year infrastructure deployment. Arista will support each major AP software release for 18 months from the date of posting of the last feature release for a particular train.
To assist customers in selecting the right AP software release for their environments, Arista follows a standard naming convention for AP software releases. The naming convention identifies if a particular release is integrating new feature functionality, or has reached software maintenance mode.
Each AP software release is identified with either the letter "F" indicating that the release contains new Functionality or "M", denoting that the release is in the Maintenance phase. An M release only receives incremental fixes and no new functionality is added.
New Feature Phase
- AP software releases will be identified with the letter "F" indicating that the release contains new features/functionality.
- TAC support available
Maintenance Phase
- AP software release will be identified with the letter "M" for maintenance phase An “M” release only receives incremental fixes and no new functionality is added
- TAC support available
The following diagram depicts the release phases using an example.
The following table depicts the Arista AP release support matrix, including the timelines for each major Arista AP software train (based on the 18 month lifecycle policy) and includes current state of TAC support for each train. As a special case, when an AP platform or a series of platforms (say, 2xx APs) end-of-life (EoL) is announced, the last supported release version (say, 21.2.F) of that platform or series of platforms enjoys maintenance support (existing feature support, vulnerability fixes) for the period of its life from the date of EoL announcement. Refer to the Wi-Fi hardware EoL policy.
| AP Feature/Maintenance Release Train |
Current Status | Initial Release | End of Support |
|---|---|---|---|
| 21.2.0F | Feature phase | February 2026 | August 2028 |
Security Advisory 0143
June 23, 2026
All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent (aka TerminAttr) enabled. This issue primarily affects customers using the Streaming Telemetry Agent to connect to CloudVision or a gNMI server.
All of these issues were discovered internally by Arista and Arista is not aware of any malicious uses of these issues in customer networks.
Security Advisory 0142
June 23, 2026
On affected platforms running Arista EOS (Extensible Operating System) configured with next-hop redirection features—such as Policy-Based Routing (PBR), Border Gateway Protocol (BGP) Flowspec, Traffic Policy, DirectFlow, or Segment Security—certain specific classes of IP packets requiring exception handling may bypass the configured redirection action.
Security Advisory 0141
June 16, 2026
The purpose of this advisory is to provide an announcement regarding potential vulnerabilities in Arista Access Points (APs) to the AirSnitch attacks published on February 26, 2026. This new class of attacks devises bypass mechanisms by which client isolation can be broken in Wi-Fi networks. The attacks can only be carried out by a client that is legitimately connected to the network through a Guest Service Set Identifier (SSID) or by a malicious insider. These attacks cannot be launched by devices external to the enterprise network.
Security Advisory 0140
June 3, 2026
A user with local eos-admin privileges on affected Arista EOS (Extensible Operating System) platforms where secure boot is enabled can bypass Secure Boot Software Image (SWI) verification through the use of a specially crafted file.
Security Advisory 0139
May 19, 2026
On affected Arista platforms running Media Control Service (MCS) on CloudVision eXchange (CVX) or DANZ Monitoring Fabric (DMF), an authenticated user—one who has already gained access to the system—may be able to trigger a memory corruption condition that can potentially lead to remote code execution.
Note: DMF in its default condition is not affected. The vulnerability is only present in DMF under unusual, user enabled configurations.
Security Advisory 0138
May 8, 2026
Arista Networks is providing this security update in response to a recent, publicly disclosed security vulnerability widely known as “Dirty Frag”. Exploitation of this issue allows for an unprivileged local user to gain root access to a device by running an executable binary. Access to an environment where arbitrary code can be executed is required for this vulnerability to be exploitable.