STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Forescout appliance must not be configured to implement a DHCP layer 3 method for separation or device authorization.

DISA Rule

SV-233315r611394_rule

Vulnerability Number

V-233315

Group Title

SRG-NET-000015-NAC-000090

Rule Version

FORE-NC-000070

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

1. Locate the Authentication & Authorization policy.
2. Ensure all traffic passing through the NAC is properly labeled and that all authenticated and non-authenticated traffic goes through the NAC.

Check Contents

Check Forescout policy and ensure it is configured to prohibit the use of DHCP to separate authenticated and non-authenticated network access requests.

If the NAC does not prohibit the use of DHCP to separate authenticated and non-authenticated network access requests, this is a finding.

Documentable

False

Severity Override Guidance

Check Forescout policy and ensure it is configured to prohibit the use of DHCP to separate authenticated and non-authenticated network access requests.

If the NAC does not prohibit the use of DHCP to separate authenticated and non-authenticated network access requests, this is a finding.

Check Content Reference

M

Target Key

5250
