STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Forescout must place client machines on the blacklist and terminate Forescout agent connection when critical security issues are found that put the network at risk.

DISA Rule

SV-233318r611394_rule

Vulnerability Number

V-233318

Group Title

SRG-NET-000015-NAC-000120

Rule Version

FORE-NC-000100

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Log in to the Forescout UI.

1. From the Policy tab, identify a Compliance policy.
2. Within the Compliance policy, under Sub-Rule for a device with critical security issues, ensure that an action that Adds Device to Blacklist and/or Disables Device is enabled.

Check Contents

Check Forescout policy to ensure that any device with a critical security issue is checked through a security policy and an action is taken to either blacklist it or terminate communication with other network devices.

If the NAC does not immediately place the device on the blacklist and terminate the connection when critical security issues are found that put the network at immediate risk, this is a finding.

Documentable

False

Severity Override Guidance

Check Forescout policy to ensure that any device with a critical security issue is checked through a security policy and an action is taken to either blacklist it or terminate communication with other network devices.

If the NAC does not immediately place the device on the blacklist and terminate the connection when critical security issues are found that put the network at immediate risk, this is a finding.

Check Content Reference

M

Target Key

5250
