STIGQter: STIG Summary: ForeScout CounterACT ALG Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 26 Jan 2018:

CounterACT must use an Enterprise Manager or other high availability solution to ensure redundancy in case of audit failure in this critical network access control and security service.

DISA Rule

SV-90879r2_rule

Vulnerability Number

V-76191

Group Title

SRG-NET-000089-ALG-000055

Rule Version

CACT-AG-000026

Severity

CAT II

CCI(s)

• CCI-000140 - The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records).

Weight

10

Fix Recommendation

Design and install CounterACT implementation to include an Enterprise Manager combined with one or more Appliances or a high availability solution. The Appliances will associate with the enterprise Manager or the high availability solution.

Check Contents

Examine architecture documentation. Verify CounterACT implementation includes an Enterprise Manager combined with Appliances to ensure redundancy. It is also acceptable to have two appliances configured for redundancy.

If CounterACT implementation does not include an Enterprise Manager combined with Appliances or a high availability solution to ensure redundancy, this is a finding.

Vulnerability Number

V-76191

Documentable

False

Rule Version

CACT-AG-000026

Severity Override Guidance

Examine architecture documentation. Verify CounterACT implementation includes an Enterprise Manager combined with Appliances to ensure redundancy. It is also acceptable to have two appliances configured for redundancy.

If CounterACT implementation does not include an Enterprise Manager combined with Appliances or a high availability solution to ensure redundancy, this is a finding.

Check Content Reference

M

Target Key

3223

Comments