STIGQter: STIG Summary: Forescout Network Device Management Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Forescout must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements.

DISA Rule

SV-230970r615886_rule

Vulnerability Number

V-230970

Group Title

SRG-APP-000190-NDM-000267

Rule Version

FORE-NM-000440

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Forescout is inherently designed to terminate upon exit or session disconnection; thus, this part of the requirement does not have a fix.

To configure Forescout to terminate the connection after 10 minutes of inactivity, perform the following steps:
1. Go to the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> CounterACT User Profiles >> Password and Sessions.
3. Ensure the "User In-activity Timeout" check box is selected and the associated setting is set to "10 minutes".

Check Contents

To verify the device is configured to terminate management sessions after 10 minutes of inactivity, verify the timeout value is configured.

1. Go to the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> CounterACT User Profiles >> Password and Sessions.
3. Verify the "User Inactivity Timeout" check box is selected and the associated setting is set to "10 minutes".

If applicable, verify exceptions to this requirement are documented and signed.

If Forescout does not terminate the connection associated with an Enterprise Manager Console at the end of the session or after 10 minutes of inactivity, this is a finding.

Documentable

False

Severity Override Guidance

To verify the device is configured to terminate management sessions after 10 minutes of inactivity, verify the timeout value is configured.

1. Go to the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> CounterACT User Profiles >> Password and Sessions.
3. Verify the "User Inactivity Timeout" check box is selected and the associated setting is set to "10 minutes".

If applicable, verify exceptions to this requirement are documented and signed.

If Forescout does not terminate the connection associated with an Enterprise Manager Console at the end of the session or after 10 minutes of inactivity, this is a finding.

Check Content Reference

M

Target Key

5245

Comments