STIGQter: STIG Summary: ForeScout CounterACT ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 26 Jan 2018:

CounterACT, when providing user authentication intermediary services, must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

DISA Rule

SV-90875r1_rule

Vulnerability Number

V-76187

Group Title

SRG-NET-000339-ALG-000090

Rule Version

CACT-AG-000012

Severity

CAT II

CCI(s)

• CCI-001951 - The information system implements multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

Weight

10

Fix Recommendation

If user authentication intermediary services are provided, configure CounterACT to implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Ensure the User Directory configured for Authentication uses Multi-Factor credentials Select the configured directory (or directories) and on the General Tab ensure the "Use for Authentication" radio button is selected.
4. Ensure the Hostname is correct for the assigned directory then select "OK". (Select "Apply" if changes were made.)

Check Contents

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT implements multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory configured for Authentication uses Multi-Factor credentials Select the configured directory (or directories) and on the General Tab verify the "Use for Authentication" radio button is selected.
4. Verify the Hostname is correct for the assigned directory then select "OK". (Select "Apply" if changes were made.)

If CounterACT does not implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Vulnerability Number

V-76187

Documentable

False

Rule Version

CACT-AG-000012

Severity Override Guidance

If CounterACT does not provide user authentication intermediary services, this is not applicable.

Verify CounterACT implements multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.

1. Connect to CounterACT’s Admin Console and log in.
2. Go to Tools >> Options >> User Directory.
3. Verify the User Directory configured for Authentication uses Multi-Factor credentials Select the configured directory (or directories) and on the General Tab verify the "Use for Authentication" radio button is selected.
4. Verify the Hostname is correct for the assigned directory then select "OK". (Select "Apply" if changes were made.)

If CounterACT does not implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access, this is a finding.

Check Content Reference

M

Target Key

3223

Comments