STIG Summary: Forescout Network Access Control Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 20 Nov 2020

Forescout must be configured to notify the user before proceeding with remediation of the user's endpoint device when automated remediation is used.

DISA Rule

SV-233313r615864_rule

Vulnerability Number

V-233313

Group Title

SRG-NET-000015-NAC-000070

Rule Version

FORE-NC-000050

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

1. Select the "Policy" tab.
2. Select a compliance policy, then click "Edit".
3. In the Sub-Rules section, select a policy and click "Edit".
4. From the Actions section, click "Add" >> "Notify", then select a notification method.

Check Contents

Check the Forescout policy to ensure that exempt devices in need of remediation prompt the user to accept the remediation process before it is conducted.

1. Log on to the Forescout UI.
2. Select the "Policy" tab.
3. Review the compliance policy identified by the site representative as the remediation policy, then click "Edit".
4. In the Sub-Rules section, select a policy and click "Edit".
5. From the Actions section, verify that the policy is configured to notify the user, prior to remediation, that user interaction is required.

If Forescout is not configured to notify the user before proceeding with remediation of the user's endpoint device when automated remediation is used, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5250

Comments