STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must enforce access restrictions associated with changes to the system components.

DISA Rule

SV-90893r1_rule

Vulnerability Number

V-76205

Group Title

SRG-APP-000516-NDM-000335

Rule Version

CACT-NM-000011

Severity

CAT II

CCI(s)

• CCI-000345 - The organization enforces logical access restrictions associated with changes to the information system.
• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure CounterACT to enforce access restrictions associated with changes to the system components.

1. Log on to the CounterACT Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select "Edit".
4. Verify the non-administrator account selected does not have "update" on the "Permissions" tab for "CounterACT Appliance Configuration".

Check Contents

Check CounterACT to determine if only authorized administrators have permissions for changes, deletions, and updates on the network device. Inspect the maintenance log to verify changes are being made only by the system administrators.

1. Log on to the CounterACT Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select "Edit".
4. Verify the non-administrator account selected does not have "update" on the "Permissions" tab for "CounterACT Appliance Configuration".

If unauthorized users are allowed to change the hardware or software, this is a finding.

Vulnerability Number

V-76205

Documentable

False

Rule Version

CACT-NM-000011

Severity Override Guidance

Check CounterACT to determine if only authorized administrators have permissions for changes, deletions, and updates on the network device. Inspect the maintenance log to verify changes are being made only by the system administrators.

1. Log on to the CounterACT Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> User Console and Options.
3. Select (highlight) the user profile to be reviewed (group or user) and then select "Edit".
4. Verify the non-administrator account selected does not have "update" on the "Permissions" tab for "CounterACT Appliance Configuration".

If unauthorized users are allowed to change the hardware or software, this is a finding.

Check Content Reference

M

Target Key

3225

Comments