STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must enforce the revocation of endpoint access authorizations when devices are removed from an authorization group.

DISA Rule

SV-233320r611394_rule

Vulnerability Number

V-233320

Group Title

SRG-NET-000321-NAC-001210

Rule Version

FORE-NC-000120

Severity

CAT II

CCI(s)

• CCI-002178 - The information system enforces the revocation of access authorizations resulting from changes to the security attributes of subjects based on organization-defined rules governing the timing of revocations of access authorizations.

Weight

10

Fix Recommendation

Log on to the Forescout UI.

From the Policy tab, check that the authorization policy has a Block Action enabled on any devices that have not met or are removed from the authorized group.

Check Contents

Verify Forescout admission policy has been configured to revoke access to endpoints that have not met or are removed from the authorized group.

If Forescout is not configured with an admissions policy that enforces the revocation of endpoint access authorizations based on when devices are removed from an authorization group, this is a finding.

Vulnerability Number

V-233320

Documentable

False

Rule Version

FORE-NC-000120

Severity Override Guidance

Verify Forescout admission policy has been configured to revoke access to endpoints that have not met or are removed from the authorized group.

If Forescout is not configured with an admissions policy that enforces the revocation of endpoint access authorizations based on when devices are removed from an authorization group, this is a finding.

Check Content Reference

M

Target Key

5250

Comments