STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must generate audit log events for a locally developed list of auditable events.

DISA Rule

SV-90895r1_rule

Vulnerability Number

V-76207

Group Title

SRG-APP-000516-NDM-000334

Rule Version

CACT-NM-000010

Severity

CAT III

CCI(s)

CCI-000366 - The organization implements the security configuration settings.

Weight

Fix Recommendation

Configure CounterACT to generate audit log events for a locally developed list of auditable events.

1. Open the CounterACT Console.
2. Select Tools >> Options >> Plugin.
3. Select the Syslog Plugin.
4. Select CounterACT or the Enterprise Manager appliance you would like to verify.
5. Ensure additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs".

Check Contents

Determine if CounterACT generates audit log events for a locally developed list of auditable events.

1. Open the CounterACT Console.
2. Select Tools >> Options >> Plugin.
3. Select the Syslog Plugin.
4. Select CounterACT or the Enterprise Manager appliance you would like to verify.
5. Verify additional settings for audit are available by ensuring that either one of these options is selected: "Include only messages generated by the 'send message to syslog action'" or "include NAC policy logs".

If CounterACT is not configured to generate audit log events for a locally developed list of auditable events, this is a finding.

CounterACT must generate audit log events for a locally developed list of auditable events.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments