STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233309r611394_rule
V-233309
SRG-NET-000015-NAC-000020
FORE-NC-000010
CAT I
10
Configure Forescout with device attribute policies that include type, IP address, resource group, mission conditions, and other criteria as defined in the NAC SSP.
1. Log on to Forescout UI.
2. From the Policy tab, select the top most policy.
3. Select Add >> Classification >> Primary Classification, and then click "Next".
4. Give the policy a name, then click "Next".
5. Select the IP Address Range the policy will apply to, click "Ok", and then click "Next".
6. Select "Finish, then click "Apply".
Verify Forescout has been configured to include assessment filters for device attributes such as type, IP address, resource group, mission conditions, and other criteria as defined in the NAC SSP.
If the NAC does not employ admissions assessment filters which include, at a minimum, device attributes such as type, IP address, resource group, mission conditions, and other criteria as defined in the NAC SSP, this is a finding.
V-233309
False
FORE-NC-000010
Verify Forescout has been configured to include assessment filters for device attributes such as type, IP address, resource group, mission conditions, and other criteria as defined in the NAC SSP.
If the NAC does not employ admissions assessment filters which include, at a minimum, device attributes such as type, IP address, resource group, mission conditions, and other criteria as defined in the NAC SSP, this is a finding.
M
5250