STIGQter STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must generate a log record when the client machine fails policy assessment because required security software is missing or has been deleted.

DISA Rule

SV-233335r616546_rule

Vulnerability Number

V-233335

Group Title

SRG-NET-000492-NAC-002110

Rule Version

FORE-NC-000340

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

1. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
2. In the Client-Server Connection, set the Minimum Supported TLS Version to TLS version 1.2.

Check Contents

Verify the policy assessment device uses TLS 1.2 to protect the confidentiality of the communication between the endpoint and the NAC.

1. Log on to the Forescout UI.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.

If the NAC does not use TLS 1.2, at a minimum, to protect the confidentiality of information passed between the endpoint agent and the NAC for the purposes of client posture assessment, this is a finding.

Vulnerability Number

V-233335

Documentable

False

Rule Version

FORE-NC-000340

Severity Override Guidance

Verify the policy assessment device uses TLS 1.2 to protect the confidentiality of the communication between the endpoint and the NAC.

1. Log on to the Forescout UI.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.

If the NAC does not use TLS 1.2, at a minimum, to protect the confidentiality of information passed between the endpoint agent and the NAC for the purposes of client posture assessment, this is a finding.

Check Content Reference

M

Target Key

5250

Comments