SV-233331r611394_rule
V-233331
SRG-NET-000517-NAC-002370
FORE-NC-000260
CAT II
10
Log on to the Forescout UI.
1. Select Tools >> Options >> Certificates.
2. In the Ongoing TLS Sessions section, view the Re-verify TLS Sessions setting.
3. Change the Re-verify TLS Sessions to Every 1 Day or in accordance with the site's SSP, then click "Apply".
4. Next select the HPS Inspection Engine >> SecureConnector.
5. In the Client-Server Connection, ensure the Minimum Supported TLS Version is set to TLS version 1.2.
Verify Forescout is configured with a list of DoD-approved certificate types and CAs.
Verify the TLS session is configured to automatically terminate any session if the client does not have a suitable certificate.
For TLS connections, if Forescout is not configured to automatically terminate the session when the client does not have a suitable certificate, this is a finding.
V-233331
False
FORE-NC-000260
M
5250