STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Communications between Forescout endpoint agent and the switch must transmit access authorization information via a protected path using a cryptographic mechanism.

DISA Rule

SV-233334r611394_rule

Vulnerability Number

V-233334

Group Title

SRG-NET-000320-NAC-001200

Rule Version

FORE-NC-000290

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

1. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
2. Under Client-Server Connection, ensure the Minimum Supported TLS Version is set to TLS version 1.2.

Check Contents

Verify both ends are configured for secure communications between the NAC and NAC agent.

If communication between the NAC and NAC agent does not use an encrypted method for protecting posture information transmitted between the devices, this is a finding.

Documentable

False

Severity Override Guidance

Verify both ends are configured for secure communications between the NAC and NAC agent.

If communication between the NAC and NAC agent does not use an encrypted method for protecting posture information transmitted between the devices, this is a finding.

Check Content Reference

M

Target Key

5250
