STIGQter STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:

CounterACT must terminate all network connections associated with an Enterprise Manager Console session upon Exit, or session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.

DISA Rule

SV-90913r1_rule

Vulnerability Number

V-76225

Group Title

SRG-APP-000190-NDM-000267

Rule Version

CACT-NM-000001

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

CounterACT is inherently designed to terminate upon Exit or session disconnection, thus this part of the requirement does not have a fix. To configure CounterACT to terminate the connection after "10" minutes of inactivity perform the following steps.

1. On the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Ensure the "User In-activity Timeout" check box is selected and the associated setting is set to "10 minutes.

If exceptions to this requirement are necessary based on mission requirements, document the mission requirement and validate with a signature by a designated authority.

Check Contents

CounterACT is inherently designed to terminate upon Exit or session disconnection, thus this part of the requirement does not have to be verified. To verify the device is configured to terminate management sessions after "10" minutes of inactivity, verify the timeout value is configured.

1. On the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Verify the "User Inactivity Timeout" check box is selected and the associated setting is set to "10" minutes.

If applicable, verify exceptions to this requirement are documented and signed.

If Counteract does not terminate the connection associated with an Enterprise Manager Console at the end of the session or after "10" minutes of inactivity, this is a finding.

Vulnerability Number

V-76225

Documentable

False

Rule Version

CACT-NM-000001

Severity Override Guidance

CounterACT is inherently designed to terminate upon Exit or session disconnection, thus this part of the requirement does not have to be verified. To verify the device is configured to terminate management sessions after "10" minutes of inactivity, verify the timeout value is configured.

1. On the Enterprise Manager Console.
2. From the menu, select Tools >> Options >> User Console and Options >> Password and Login.
3. Verify the "User Inactivity Timeout" check box is selected and the associated setting is set to "10" minutes.

If applicable, verify exceptions to this requirement are documented and signed.

If Counteract does not terminate the connection associated with an Enterprise Manager Console at the end of the session or after "10" minutes of inactivity, this is a finding.

Check Content Reference

M

Target Key

3225

Comments