STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must audit the enforcement actions used to restrict access associated with changes to the device.

DISA Rule

SV-230948r615886_rule

Vulnerability Number

V-230948

Group Title

SRG-APP-000381-NDM-000305

Rule Version

FORE-NM-000210

Severity

CAT III

CCI(s)

• CCI-001814 - The Information system supports auditing of the enforcement actions.

Weight

10

Fix Recommendation

Remove accounts that are not authorized. Do not remove the account of last resort. Ensure a Least Privilege Permission approach is taken with all accounts created.

1. Log on to the Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions.
4. Check user against current SSP and ensure only the users that are allowed privileges to make changes have the Least Privilege required permissions.
5. Delete or disable unauthorized users.

Check Contents

Determine if the network device audits the enforcement actions used to restrict access associated with changes to the device. This requirement may be verified by demonstration, configuration review, or validated test results.

1. Log on to the Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions.
4. Check user against current SSP and ensure only the users with privileges to make changes have the Least Privilege required permissions.

If the network device does not audit the enforcement actions used to restrict access associated with changes to the device, this is a finding.

Vulnerability Number

V-230948

Documentable

False

Rule Version

FORE-NM-000210

Severity Override Guidance

Determine if the network device audits the enforcement actions used to restrict access associated with changes to the device. This requirement may be verified by demonstration, configuration review, or validated test results.

1. Log on to the Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions.
4. Check user against current SSP and ensure only the users with privileges to make changes have the Least Privilege required permissions.

If the network device does not audit the enforcement actions used to restrict access associated with changes to the device, this is a finding.

Check Content Reference

M

Target Key

5245

Comments