STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must authenticate SNMPv3 endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

DISA Rule

SV-90935r1_rule

Vulnerability Number

V-76247

Group Title

SRG-APP-000395-NDM-000310

Rule Version

CACT-NM-000040

Severity

CAT I

CCI(s)

• CCI-001967 - The information system authenticates organization-defined devices and/or types of devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

Weight

10

Fix Recommendation

Configure CounterACT to authenticate SNMP endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

1. Select Tools >> Options >> Switch.
2. Select a network device and review the "SNMP" tab.
3. Ensure that the "SNMPv3" option is selected and the "HMAC-SHA" authentication protocol is selected.
4. Ensure that the "use privacy" radio button is selected and "AES-128" is also selected from the drop-down box.

Check Contents

Review the CounterACT configuration to determine if the network device authenticates SNMP endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

1. Select Tools >> Options >> Switch.
2. Select a network device and review the "SNMP" tab.
3. Verify that the "SNMPv3" option is selected and the "HMAC-SHA" authentication protocol is selected.
4. Verify that the "use privacy" radio button is selected and "AES-128" is also selected from the drop-down box.

If CounterACT does not authenticate the endpoint devices before establishing a connection using bidirectional authentication that is cryptographically based, this is a finding.

Vulnerability Number

V-76247

Documentable

False

Rule Version

CACT-NM-000040

Severity Override Guidance

Review the CounterACT configuration to determine if the network device authenticates SNMP endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

1. Select Tools >> Options >> Switch.
2. Select a network device and review the "SNMP" tab.
3. Verify that the "SNMPv3" option is selected and the "HMAC-SHA" authentication protocol is selected.
4. Verify that the "use privacy" radio button is selected and "AES-128" is also selected from the drop-down box.

If CounterACT does not authenticate the endpoint devices before establishing a connection using bidirectional authentication that is cryptographically based, this is a finding.

Check Content Reference

M

Target Key

3225

Comments