STIGQter: STIG Summary: ForeScout CounterACT ALG Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 26 Jan 2018

CounterACT, when providing user authentication intermediary services, must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

DISA Rule

SV-90873r1_rule

Vulnerability Number

V-76185

Group Title

SRG-NET-000337-ALG-000096

Rule Version

CACT-AG-000011

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If user access control intermediary services are provided, configure CounterACT to require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> 802.1x.
3. Select the Pre-Admission Authorization tab.
4. On each rule that "Accepts", ensure there is a "Session-Timeout" attribute configured to the maximum session configuration, typically 60 minutes, but not more than 120 minutes.

Check Contents

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> 802.1x.
3. Select the Pre-Admission Authorization tab.
4. On each rule that "Accepts", verify there is a "Session-Timeout" attribute configured to the maximum session configuration, typically 60 minutes, but not more than 120 minutes.

If CounterACT does not require users to reauthenticate when organization-defined circumstances or situations require reauthentication, this is a finding.

Documentable

False

Severity Override Guidance

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> 802.1x.
3. Select the Pre-Admission Authorization tab.
4. On each rule that "Accepts", verify there is a "Session-Timeout" attribute configured to the maximum session configuration, typically 60 minutes, but not more than 120 minutes.

If CounterACT does not require users to reauthenticate when organization-defined circumstances or situations require reauthentication, this is a finding.

Check Content Reference

M

Target Key

3223
