STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233340r615860_rule
V-233340
SRG-NET-000580-NAC-002530
FORE-NC-000470
CAT I
10
To configure FIPS Mode:
1. Log on using the CLIAdmin credentials established upon initial configuration.
2. To enable FIPS mode, type 'fstool fips'. A prompt will be generated alerting the user FIPS 140-2 will be enabled. Type "Yes" for FIPS to accept this prompt.
To configure TLS:
1. Log on to the Forescout management tool.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, set the Minimum Supported TLS Version to TLS version 1.2.
1. Log on using the CLIAdmin credentials established upon initial configuration.
2. Verify FIPS mode by typing the command 'fstool version'.
To configure TLS:
1. Log on to the Forescout UI.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.
If the NAC does not perform RFC 5280-compliant certification path validation for validating certificates used for TLS functions when connecting with endpoints, this is a finding.
V-233340
False
FORE-NC-000470
1. Log on using the CLIAdmin credentials established upon initial configuration.
2. Verify FIPS mode by typing the command 'fstool version'.
To configure TLS:
1. Log on to the Forescout UI.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.
If the NAC does not perform RFC 5280-compliant certification path validation for validating certificates used for TLS functions when connecting with endpoints, this is a finding.
M
5250