STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020

Forescout must be configured to log records onto a centralized events server.

DISA Rule

SV-233323r611394_rule

Vulnerability Number

V-233323

Group Title

SRG-NET-000333-NAC-001340

Rule Version

FORE-NC-000150

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Syslog server to use TCP, and configure Syslog to alert if communication between the Syslog server and the Forescout appliance is lost.

1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog:
- Syslog Server IP address
- Server Port
- Server Protocol set to TCP
- Check the Use TLS setting
- Configure the Identity, Facility, and Severity.
4. Click "Ok".
5. Click "Apply".

Note: A secondary syslog server is required to fully meet this requirement (covered in NDM STIG). Use the same instructions to configure a second syslog.

Check Contents

1. Go to Tools >> Options >> Syslog.
2. Verify a central log server's IP address is configured.

If Forescout is not configured to log records onto a centralized events server, this is a finding.

Documentable

False

Severity Override Guidance

1. Go to Tools >> Options >> Syslog.
2. Verify a central log server's IP address is configured.

If Forescout is not configured to log records onto a centralized events server, this is a finding.

Check Content Reference

M

Target Key

5250

Comments