STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must prohibit password reuse for a minimum of five generations.

DISA Rule

SV-90889r1_rule

Vulnerability Number

V-76201

Group Title

SRG-APP-000165-NDM-000253

Rule Version

CACT-NM-000031

Severity

CAT II

CCI(s)

CCI-000200 - The information system prohibits password reuse for the organization-defined number of generations.

Weight

Fix Recommendation

Configure CounterACT to prohibit password reuse for a minimum of five generations.

1. Log on to the CounterACT Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Ensure the "Last" radio button is selected and the option with "5" passwords cannot be reused is configured.

Check Contents

Determine if CounterACT prohibits password reuse for a minimum of five generations. This requirement may be verified by demonstration or configuration review.

1. Verify if the user profiles are using external authentication server or local. If using local, proceed to Step 2. If using external, verify the settings using the Authentication Server configuration guide.
2. Log on to the CounterACT Administrator UI.
3. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
4. Verify the "Last" radio button is selected and the option with "5" passwords cannot be reused is configured.

If CounterACT does not prohibit password reuse for a minimum of five generations, this is a finding.

CounterACT must prohibit password reuse for a minimum of five generations.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments