STIGQter STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must disable all unnecessary and/or nonsecure plugins.

DISA Rule

SV-90911r1_rule

Vulnerability Number

V-76223

Group Title

SRG-APP-000142-NDM-000245

Rule Version

CACT-NM-000025

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the network device to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. The following is an example of disabling the wireless plugin if no wireless devices are directly managed by CounterACT.

Example:
1. Connect to the CounterACT Console and select Tools >> Options >> Plugins.
2. Determine if the wireless plugin status is "Enabled", select the plugin, and select "Stop" (for all appliances).

This process can be used to disable or remove plugins not being used.

Check Contents

Navigate to the plugin tool and remove all unneeded or unsecure services.

1. Connect to the CounterACT Console and select Tools >> Options >> Plugins.
2. Review the list of plugins. If an unnecessary or nonsecure service is "Enabled", select the plugin and then select "Configure".

If no configuration is present, this is a finding.

If any unnecessary or nonsecure functions are enabled, this is a finding.

Vulnerability Number

V-76223

Documentable

False

Rule Version

CACT-NM-000025

Severity Override Guidance

Navigate to the plugin tool and remove all unneeded or unsecure services.

1. Connect to the CounterACT Console and select Tools >> Options >> Plugins.
2. Review the list of plugins. If an unnecessary or nonsecure service is "Enabled", select the plugin and then select "Configure".

If no configuration is present, this is a finding.

If any unnecessary or nonsecure functions are enabled, this is a finding.

Check Content Reference

M

Target Key

3225

Comments