STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

For endpoints that require automated remediation, Forescout must be configured to redirect endpoints to a logically separate VLAN for remediation services.

DISA Rule

SV-233311r616544_rule

Vulnerability Number

V-233311

Group Title

SRG-NET-000015-NAC-000040

Rule Version

FORE-NC-000030

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure Forescout to identify the endpoint.

1. From the Policy tab, select the topmost policy.
2. Select Add >> Classification >> Primary Classification, and then click "Next".
3. Give the policy a name, and then click "Next".
4. Select the IP Address Range the policy will apply to, click "OK", and then click "Next".
5. Click "Finish", and then click "Apply".

This collects a set of attributes for each endpoint that a policy can then use as the endpoint's unique identifier. By default, however, the IP address is used as the identifier, for example in log records.

Check Contents

If automated remediation is not required by the SSP, this is not a finding.

Verify Forescout is configured to redirect endpoints requiring automated remediation to a separate VLAN that is isolated from trusted traffic.

1. From the Policy tab, select the topmost policy.
2. Verify at least one endpoint policy exists that redirects failed endpoints to a VLAN that is separate from the trusted network.

If Forescout does not have one or more policies that redirect endpoints requiring automated remediation to a VLAN that is isolated and logically separated from the trusted network, this is a finding.
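The check above only confirms that a policy redirects failed endpoints to some VLAN; it is the reviewer's job to confirm that the VLAN is actually separated from trusted traffic. The following is an added example, not Forescout code and not part of the DISA check, that audits a remediation-VLAN design for the properties that separation requires: the remediation VLAN ID and subnet must not coincide with or overlap any trusted VLAN, and the ACL applied to the remediation VLAN must permit only the approved remediation services (patch, DNS, etc.) inside trusted space, never whole trusted subnets. All VLAN IDs, subnets, service addresses and allow-lists below are constructed; in a real review they come from the switch/ACL configuration and from the VLAN named in the policy's assignment action.

```python
"""Audit a remediation-VLAN design for logical separation from trusted VLANs.

Added example, not Forescout's own code or a DISA-supplied check. All VLAN
IDs, subnets, service addresses and ACL allow-lists are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vlan:
    vlan_id: int
    name: str
    subnet: ipaddress.IPv4Network


@dataclass
class RemediationDesign:
    remediation: Vlan            # VLAN the NAC policy redirects failed endpoints to
    trusted: list                # trusted VLANs that remediation hosts must not reach
    permitted_destinations: list  # destinations the remediation VLAN's ACL permits
    remediation_services: list   # hosts remediation endpoints legitimately need


def audit(design):
    """Return a list of finding strings; an empty list means the design passes."""
    findings = []
    rem = design.remediation

    # 1. The remediation VLAN must not be one of the trusted VLANs.
    if rem.vlan_id in {v.vlan_id for v in design.trusted}:
        findings.append(f"remediation VLAN {rem.vlan_id} is also a trusted VLAN")

    # 2. Its subnet must not overlap any trusted subnet (otherwise the
    #    "separate VLAN" is reachable by plain layer-3 adjacency).
    for t in design.trusted:
        if rem.subnet.overlaps(t.subnet):
            findings.append(
                f"remediation subnet {rem.subnet} overlaps trusted {t.name} {t.subnet}")

    # 3. Anything the ACL permits inside trusted space must be an approved
    #    remediation service host, not a wider range.
    for dst in design.permitted_destinations:
        dst_net = ipaddress.ip_network(dst, strict=False)   # host -> /32
        approved = (dst_net.prefixlen == 32
                    and dst_net.network_address in design.remediation_services)
        for t in design.trusted:
            if t.subnet.overlaps(dst_net) and not approved:
                findings.append(
                    f"ACL permits {dst_net} inside trusted {t.name} {t.subnet}")
    return findings


# Constructed trusted VLANs and remediation services (hypothetical addresses).
TRUSTED = [
    Vlan(10, "users", ipaddress.ip_network("10.10.0.0/16")),
    Vlan(20, "servers", ipaddress.ip_network("10.20.0.0/16")),
]
REMEDIATION_SERVICES = [
    ipaddress.ip_address("10.20.5.10"),   # patch server
    ipaddress.ip_address("10.20.5.53"),   # DNS resolver
]

# Weak design: a remediation VLAN exists, but it is carved out of the user
# subnet and its ACL opens the entire server VLAN.
WEAK = RemediationDesign(
    remediation=Vlan(999, "remediation", ipaddress.ip_network("10.10.200.0/24")),
    trusted=TRUSTED,
    permitted_destinations=["10.20.0.0/16"],
    remediation_services=REMEDIATION_SERVICES,
)

# Corrected design: dedicated subnet, ACL limited to the remediation services.
CORRECTED = RemediationDesign(
    remediation=Vlan(999, "remediation", ipaddress.ip_network("10.99.0.0/24")),
    trusted=TRUSTED,
    permitted_destinations=["10.20.5.10", "10.20.5.53"],
    remediation_services=REMEDIATION_SERVICES,
)


if __name__ == "__main__":
    for label, design in (("weak", WEAK), ("corrected", CORRECTED)):
        result = audit(design)
        print(f"{label}: {'PASS' if not result else 'FINDING'}")
        for f in result:
            print("  -", f)
```

The weak design produces two findings (overlapping subnet, and an ACL entry that permits the whole server VLAN); the corrected design produces none. The audit deliberately treats only exact host entries for approved services as acceptable inside trusted space, because a remediation VLAN that can reach arbitrary trusted hosts is not "isolated" in the sense the check requires.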

Documentable

False

Check Content Reference

M

Target Key

5250

Comments