STIGQter STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must generate a critical alert to be sent to the Information System Security Officer (ISSO) and Systems Administrator (SA) (at a minimum) in the event of an audit processing failure.

DISA Rule

SV-233325r615865_rule

Vulnerability Number

V-233325

Group Title

SRG-NET-000335-NAC-001360

Rule Version

FORE-NC-000170

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

1. Locate the audit process policies as identified by the site representative.
2. Configure a policy for audit failure to include the notification of security personnel. This could also include sending a balloon message, notification, or email.

Check Contents

Verify Forescout sends an alert to the proper security personnel when an audit process failure occurs.

1. Log on to the Forescout UI.
2. Locate the audit process policies as identified by the site representative.
3. Verify a policy for "audit failure" exists.
4. Verify this policy includes notification of security personnel.

If Forescout does not send an alert when an audit processing failure occurs, this is a finding.

Vulnerability Number

V-233325

Documentable

False

Rule Version

FORE-NC-000170

Severity Override Guidance

Verify Forescout sends an alert to the proper security personnel when an audit process failure occurs.

1. Log on to the Forescout UI.
2. Locate the audit process policies as identified by the site representative.
3. Verify a policy for "audit failure" exists.
4. Verify this policy includes notification of security personnel.

If Forescout does not send an alert when an audit processing failure occurs, this is a finding.

Check Content Reference

M

Target Key

5250

Comments