STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout must deny or restrict access for endpoints that fail critical endpoint security checks.

DISA Rule

SV-233322r611394_rule

Vulnerability Number

V-233322

Group Title

SRG-NET-000322-NAC-001230

Rule Version

FORE-NC-000140

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Log on to the Forescout UI.

From the Policy tab, check any Pre-Connect policies to ensure that devices failing the baseline security configuration requirements are either restricted from the production network, granted access only to a remediation network, or granted access only to a limited access network.

Check Contents

Verify Forescout has been configured to redirect filtered devices to a limited access network to include a remediation network or limited access network.

If a policy does not exist that redirects the failed device to an authorized network for remediation or limited access, this is not a finding.

If the NAC does not deny or restrict access for endpoints that fail critical endpoint security checks, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

5250

Comments