STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 20 Nov 2020

Endpoint policy assessment must proceed only after the endpoint attempting access has been identified using an approved identification method, such as an IP address.

DISA Rule

SV-233310r611394_rule

Vulnerability Number

V-233310

Group Title

SRG-NET-000015-NAC-000030

Rule Version

FORE-NC-000020

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure Forescout to identify the endpoint.

1. From the Enterprise Manager console, select the Policy tab.
2. In accordance with the SSP, ensure that the endpoint compliance assessment policies have been configured and are functioning properly.

Check Contents

Determine if Forescout is configured to confirm endpoint policy assessment after the endpoint attempting access has been identified using an approved identification method.

1. Log on to the Forescout Administrator UI.
2. From the Home screen select the "Policy" tab.
3. Verify that policies exist that assess compliance in accordance with the SSP.
4. Examples include, but are not limited to:
- Verification that anti-virus software is authorized, running, and has up-to-date virus signatures.
- Verification that a host-based firewall is installed and configured according to the organization's security policy.
- Verification that a host IDS/IPS is installed, operational, and up to date.
- Use of the results and status of malware, anti-virus, and IDS scans as part of the assessment decision process.
- Verification of required BIOS, operating system, browser, and office application patch levels.
- Assessment of the list of running services.
- A test for the presence of DoD-required software.
- A test for the presence of peer-to-peer software (not allowed).

If Forescout does not have existing compliance assessment policies, this is a finding.

Vulnerability Number

V-233310

Documentable

False

Rule Version

FORE-NC-000020

Severity Override Guidance


Check Content Reference

M

Target Key

5250

Comments