STIGQter: STIG Summary: Forescout Network Access Control Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

Forescout switch module must only allow a maximum of one registered MAC address per access port.

DISA Rule

SV-233330r616542_rule

Vulnerability Number

V-233330

Group Title

SRG-NET-000343-NAC-001480

Rule Version

FORE-NC-000240

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Forescout can limit the number of endpoints permitted on each switch access port through the "Maximum connected endpoints per port" setting.

1. Log on to the Forescout UI.
2. Go to Tools >> Options >> Switch >> Permissions >> Advanced.
3. Set "Maximum connected endpoints per port" to "1".

Check Contents

Review the switch configuration to verify each access port is configured for a single registered MAC address.

1. Log on to the Forescout UI.
2. Go to Tools >> Options >> Switch >> Permissions >> Advanced.
3. Verify the "Maximum connected endpoints per port" is set to "1".

If the Forescout switch module is not configured to permit a maximum of one registered MAC address per access port, this is a finding.
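The fix and check above both come down to one number: no access port may carry more than one registered MAC address. As an added example (not Forescout code and not its API; the product exposes this setting only in the console path shown above), the following Python audits a constructed per-port endpoint inventory against that limit. It assumes an inventory of (switch, port, MAC, port mode) tuples, such as an export a NAC or switch administrator might assemble; the sample data, the `access`/`trunk` mode labels and the function names are all assumptions for illustration.

```python
"""Audit a switch-port endpoint inventory against a per-port endpoint limit.

Added example, not Forescout code: it models the FORE-NC-000240 check offline
on a constructed inventory so the logic can be run and reasoned about.
"""
import re
from collections import defaultdict

# Constructed sample inventory: (switch, port, mac, port_mode). Not real output
# from Forescout or any switch; MAC notations are deliberately mixed.
SAMPLE_ENDPOINTS = [
    ("sw1", "Gi1/0/1", "00:11:22:33:44:55", "access"),
    ("sw1", "Gi1/0/1", "0011.2233.4455", "access"),     # same MAC in Cisco notation
    ("sw1", "Gi1/0/2", "AA-BB-CC-DD-EE-01", "access"),
    ("sw1", "Gi1/0/2", "aa:bb:cc:dd:ee:02", "access"),  # second endpoint: hub or rogue device
    ("sw1", "Gi1/0/24", "00:de:ad:be:ef:01", "trunk"),  # uplink: many MACs are expected
    ("sw1", "Gi1/0/24", "00:de:ad:be:ef:02", "trunk"),
    ("sw2", "Gi1/0/5", "00:00:5e:00:53:10", "access"),
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    raw = re.sub(r"[.:\-\s]", "", mac.strip().lower())
    if not _HEX12.match(raw):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def setting_is_compliant(configured_max: int) -> bool:
    """The rule requires "Maximum connected endpoints per port" to be exactly 1."""
    return configured_max == 1


def audit_ports(records, max_per_port=1, access_mode="access"):
    """Return {(switch, port): sorted MACs} for access ports over the limit.

    Repeated sightings of one MAC count once, so a re-learned address does not
    look like a second device; non-access ports are skipped because the rule
    applies to access ports only.
    """
    seen = defaultdict(set)
    for switch, port, mac, mode in records:
        if mode != access_mode:
            continue
        seen[(switch, port)].add(normalize_mac(mac))
    return {
        key: sorted(macs)
        for key, macs in sorted(seen.items())
        if len(macs) > max_per_port
    }


if __name__ == "__main__":
    print("setting compliant:", setting_is_compliant(1))
    for (switch, port), macs in audit_ports(SAMPLE_ENDPOINTS).items():
        print(f"FINDING {switch} {port}: {len(macs)} endpoints {macs}")
```

Run against the sample, only sw1 Gi1/0/2 is reported: the two notations on Gi1/0/1 collapse to one address, and the trunk port is ignored even though it carries two. Raising `max_per_port` to 2 clears the finding, which is exactly why the check insists the configured value be "1" rather than merely "set".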

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5250

Comments