STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Forescout must enforce the revocation of endpoint access authorizations at the next compliance assessment interval based on changes to the compliance assessment security policy.

DISA Rule

SV-233321r611394_rule

Vulnerability Number

V-233321

Group Title

SRG-NET-000322-NAC-001220

Rule Version

FORE-NC-000130

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

From the Policy tab, check that the authorization policy has a Block Action enabled on any devices that have not met or are removed from the authorized group.

Check Contents

Verify Forescout admission policy has been configured to revoke access to endpoints that have not met or are removed from the authorized group.

If Forescout is not configured with an admissions policy that enforces the revocation of endpoint access authorizations based on when devices are removed from an authorization group, this is a finding.

Documentable

False

Severity Override Guidance

Verify Forescout admission policy has been configured to revoke access to endpoints that have not met or are removed from the authorized group.

If Forescout is not configured with an admissions policy that enforces the revocation of endpoint access authorizations based on when devices are removed from an authorization group, this is a finding.

Check Content Reference

M

Target Key

5250

Comments