STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017

CounterACT must terminate all network connections associated with an SSH connection session upon Exit, session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.

DISA Rule

SV-90915r1_rule

Vulnerability Number

V-76227

Group Title

SRG-APP-000190-NDM-000267

Rule Version

CACT-NM-000002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

CounterACT is inherently designed to terminate upon Exit or session disconnection; thus, this part of the requirement does not have a fix. To configure CounterACT to terminate the connection after "10" minutes of inactivity, perform the following steps.

1. On the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Ensure the "User Inactivity Timeout" check box is selected and the associated setting is set to "10" minutes.

If exceptions to this requirement are necessary based on mission requirements, document the mission requirement and validate with a signature by a designated authority.

Check Contents

CounterACT is inherently designed to terminate upon Exit or session disconnection; thus, this part of the requirement does not have to be verified. To verify the device is configured to terminate management sessions after "10" minutes of inactivity, verify the timeout value is configured.

1. On the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Verify the "User Inactivity Timeout" check box is selected and the associated setting is set to "10" minutes.

If applicable, verify exceptions to this requirement are documented and signed.

If CounterACT does not terminate the connection associated with an Enterprise Manager Console at the end of the session or after "10" minutes of inactivity, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3225
