STIGQter: STIG Summary: ForeScout CounterACT ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 26 Jan 2018

If user authentication services are provided, CounterACT must restrict user authentication traffic to specific authentication server(s).

DISA Rule

SV-90627r1_rule

Vulnerability Number

V-75939

Group Title

SRG-NET-000138-ALG-000089

Rule Version

CACT-AG-000007

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If user authentication service is provided by CounterACT, configure the use of a central directory service for user authentication.

1. Connect to the CounterACT Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Ensure the User Directory is configured for Authentication. Select the configured directory (or directories) and on the General Tab ensure the "Use for Authentication" radio button is selected.
4. Ensure the Hostname is correct for the assigned directory and then select "OK". (Select "Apply" if changes were made.)
5. Select the directory and then select test. Ensure both tests pass.

Check Contents

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to use a specific authentication server(s).

1. Connect to the CounterACT Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory is configured for Authentication. Select the configured directory (or directories) and on the General Tab ensure the "Use for Authentication" radio button is selected.
4. Verify the Hostname is correct for the assigned directory and then select "OK". (Select "Apply" if changes were made.)
5. Select the directory and then select test. Verify both tests pass.

If CounterACT does not restrict user authentication traffic to a specific authentication server(s), this is a finding.

Documentable

False

Severity Override Guidance

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT is configured to use a specific authentication server(s).

1. Connect to the CounterACT Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory is configured for Authentication. Select the configured directory (or directories) and on the General Tab ensure the "Use for Authentication" radio button is selected.
4. Verify the Hostname is correct for the assigned directory and then select "OK". (Select "Apply" if changes were made.)
5. Select the directory and then select test. Verify both tests pass.

If CounterACT does not restrict user authentication traffic to a specific authentication server(s), this is a finding.

Check Content Reference

M

Target Key

3223
