STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must be configured with a secondary log server, in case the primary log is unreachable.

DISA Rule

SV-233336r616547_rule

Vulnerability Number

V-233336

Group Title

SRG-NET-000336-NAC-001390

Rule Version

FORE-NC-000420

Severity

CAT II

CCI(s)

• CCI-001861 - The information system invokes an organization-defined system mode, in the event of organization-defined audit failures, unless an alternate audit capability exists.

Weight

10

Fix Recommendation

1. Log on to the Forescout UI.
2. Select Tools >> Options >> Syslog >> Syslog Triggers.
3. Check all boxes in the NAC Events section. This includes the "Include NAC policy logs" and the "Include NAC policy match/unmatch events".

Check Contents

Verify the NAC is configured with a secondary log server in case the primary log is unreachable.

1. Log on to the Forescout UI.
2. Select Tools >> Options >>Syslog >>Syslog Triggers.
3. Verify all boxes in the NAC Events section are checked. This includes the "Include NAC policy logs" and the "Include NAC policy match/unmatch events".

If the NAC is not configured with a secondary log server in case the primary log is unreachable, this is a finding.

Vulnerability Number

V-233336

Documentable

False

Rule Version

FORE-NC-000420

Severity Override Guidance

Verify the NAC is configured with a secondary log server in case the primary log is unreachable.

1. Log on to the Forescout UI.
2. Select Tools >> Options >>Syslog >>Syslog Triggers.
3. Verify all boxes in the NAC Events section are checked. This includes the "Include NAC policy logs" and the "Include NAC policy match/unmatch events".

If the NAC is not configured with a secondary log server in case the primary log is unreachable, this is a finding.

Check Content Reference

M

Target Key

5250

Comments