STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.

DISA Rule

SV-230969r615886_rule

Vulnerability Number

V-230969

Group Title

SRG-APP-000179-NDM-000265

Rule Version

FORE-NM-000430

Severity

CAT I

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

To enable FIPS mode on the Forescout appliance, start by opening a secure shell to the CLI of the management appliance using Putty or another tool.

Log on using the CLIAdmin credentials established upon initial configuration.

To enable FIPS mode, type "fstool fips". At the prompt to alert the user FIPS 140-2 will be enabled, type "Yes" to accept.

Note: Use of FIPS mode is not mandatory in DoD. However, it is the primary method for mitigation of this requirement and ensuring FIPS compliance.

Check Contents

Log on using the CLIAdmin credentials established upon initial configuration.

Verify FIPS mode by typing the command "fstool version".

If Forescout does not use FIPS 140-2 approved algorithms for authentication to a cryptographic module, this is a finding.

Vulnerability Number

V-230969

Documentable

False

Rule Version

FORE-NM-000430

Severity Override Guidance

Log on using the CLIAdmin credentials established upon initial configuration.

Verify FIPS mode by typing the command "fstool version".

If Forescout does not use FIPS 140-2 approved algorithms for authentication to a cryptographic module, this is a finding.

Check Content Reference

M

Target Key

5245

Comments