STIGQter STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017: CounterACT must prohibit password reuse for a minimum of five generations.

DISA Rule

SV-90889r1_rule

Vulnerability Number

V-76201

Group Title

SRG-APP-000165-NDM-000253

Rule Version

CACT-NM-000031

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure CounterACT to prohibit password reuse for a minimum of five generations.

1. Log on to the CounterACT Administrator UI.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Ensure the "Last" radio button is selected and the option with "5" passwords cannot be reused is configured.

Check Contents

Determine if CounterACT prohibits password reuse for a minimum of five generations. This requirement may be verified by demonstration or configuration review.

1. Verify if the user profiles are using external authentication server or local. If using local, proceed to Step 2. If using external, verify the settings using the Authentication Server configuration guide.
2. Log on to the CounterACT Administrator UI.
3. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
4. Verify the "Last" radio button is selected and the option with "5" passwords cannot be reused is configured.

If CounterACT does not prohibit password reuse for a minimum of five generations, this is a finding.

Vulnerability Number

V-76201

Documentable

False

Rule Version

CACT-NM-000031

Severity Override Guidance

Determine if CounterACT prohibits password reuse for a minimum of five generations. This requirement may be verified by demonstration or configuration review.

1. Verify if the user profiles are using external authentication server or local. If using local, proceed to Step 2. If using external, verify the settings using the Authentication Server configuration guide.
2. Log on to the CounterACT Administrator UI.
3. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
4. Verify the "Last" radio button is selected and the option with "5" passwords cannot be reused is configured.

If CounterACT does not prohibit password reuse for a minimum of five generations, this is a finding.

Check Content Reference

M

Target Key

3225

Comments