STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 12 Sep 2017

CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B.

DISA Rule

SV-90905r1_rule

Vulnerability Number

V-76217

Group Title

SRG-APP-000516-NDM-000333

Rule Version

CACT-NM-000009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enable and configure Threat Protection notifications.

1. Select Tools >> Options >> Threat Protection.
2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab.
3. Modify the Maximum emails per day to "15" and infected host notification to 1 hour.

Check Contents

Verify Threat Protection notifications are enabled and configured.

1. Select Tools >> Options >> Threat Protection.
2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab.
3. Verify the Maximum emails per day is set to "15" and infected host notification is set to 1 hour.

If CounterACT does not enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B, this is a finding.

Documentable

False

Severity Override Guidance

Verify Threat Protection notifications are enabled and configured.

1. Select Tools >> Options >> Threat Protection.
2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab.
3. Verify the Maximum emails per day is set to "15" and infected host notification is set to 1 hour.

If CounterACT does not enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B, this is a finding.

Check Content Reference

M

Target Key

3225
