STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must only allow authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media (such as a flash drive).

DISA Rule

SV-230971r615886_rule

Vulnerability Number

V-230971

Group Title

SRG-APP-000231-NDM-000271

Rule Version

FORE-NM-000450

Severity

CAT I

CCI(s)

• CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

10

Fix Recommendation

Review the SSP or other documentation for a list of user accounts and privileges. Set the file permissions on files on Forescout or on removable media used by the device so that only authorized administrators can read or change their contents. This is completed by limiting access to SUDO accounts and command line admin accounts.

1. Review accounts with incorrect update privileges to Forescout appliance configuration by selecting Tools >> Options >> CounterACT User Profiles.
2. Select a user to edit.
3. Select the "Permissions" tab.
4. Ensure the "CounterACT Appliance Configuration" and "CounterACT Appliance Control" radio buttons are set to "View only".

Check Contents

List the contents of Forescout’s local storage, including any drives supporting removable media (such as flash drives), and check the file permissions of all files on those drives.

1. Review accounts with incorrect update privileges to Forescout appliance configuration by selecting Tools >> Options >> CounterACT User Profiles.
2. Select a user to edit.
3. Select the "Permissions" tab.
4. Verify the "CounterAct Appliance Configuration" and "CounterACT Appliance Control" radio buttons are set to "View only".

If any files allow read or write access by accounts not specifically authorized access or access using non-privileged accounts, this is a finding.

Vulnerability Number

V-230971

Documentable

False

Rule Version

FORE-NM-000450

Severity Override Guidance

List the contents of Forescout’s local storage, including any drives supporting removable media (such as flash drives), and check the file permissions of all files on those drives.

1. Review accounts with incorrect update privileges to Forescout appliance configuration by selecting Tools >> Options >> CounterACT User Profiles.
2. Select a user to edit.
3. Select the "Permissions" tab.
4. Verify the "CounterAct Appliance Configuration" and "CounterACT Appliance Control" radio buttons are set to "View only".

If any files allow read or write access by accounts not specifically authorized access or access using non-privileged accounts, this is a finding.

Check Content Reference

M

Target Key

5245

Comments