STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must generate log records for a locally developed list of auditable events.

DISA Rule

SV-230955r615886_rule

Vulnerability Number

V-230955

Group Title

SRG-APP-000516-NDM-000334

Rule Version

FORE-NM-000280

Severity

CAT II

CCI(s)

CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.
CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure Forescout auditing messages to ensure auditing is comprehensible for monitoring and analysis.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Syslog Triggers.
3. Ensure the proper NAC events and System Logs and Events are selected.

Check Contents

Verify the syslog triggers are configured in accordance with SSP requirements.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Syslog Triggers.
3. Ensure the proper NAC events and System Logs and Events are selected in compliance with the SSP.

If Forescout does not generate log records for a locally developed list of auditable events, this is a finding.

Forescout must generate log records for a locally developed list of auditable events.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments