STIGQter: STIG Summary: ForeScout CounterACT ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 26 Jan 2018

CounterACT, when providing user authentication intermediary services, must implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

DISA Rule

SV-90629r1_rule

Vulnerability Number

V-75941

Group Title

SRG-NET-000147-ALG-000095

Rule Version

CACT-AG-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure CounterACT to implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Ensure the User Directory is configured for secure methods of communication. On the Settings tab, ensure the "Use TLS" radio button is selected.
4. Select "OK". (Select "Apply" if changes were made.)

Check Contents

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory is configured for secure methods of communication. On the Settings tab, ensure the "Use TLS" radio button is selected.

If CounterACT does not implement replay-resistant authentication mechanisms for network access to non-privileged accounts, this is a finding.

Documentable

False

Severity Override Guidance

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to implement replay-resistant authentication mechanisms for network access to non-privileged accounts.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory is configured for secure methods of communication. On the Settings tab, ensure the "Use TLS" radio button is selected.

If CounterACT does not implement replay-resistant authentication mechanisms for network access to non-privileged accounts, this is a finding.

Check Content Reference

M

Target Key

3223
