STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017: STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017:SV-90919r1_rule
V-76231
SRG-APP-000125-NDM-000241
CACT-NM-000023
CAT II
10
Configure CounterACT to back up locally stored audit records on the Enterprise Manager or the appliances at least every seven days onto a different system or system component than the system or component being audited.
1. Open the CounterACT Console and select Tools >> Options.
2. Select the "+" next to "Advanced" menu (toward the bottom).
3. Select the “Backup” submenu.
4. On the "System Backup" tab, ensure the "Enable System Backup" radio button is selected.
5. Ensure the Backup schedule is selected to at least "weekly".
6. On the "Backup Server" tab, verify an external backup server is configured with SFTP or SCP (and appropriate port/protocol requirements).
If all audit logs for the Enterprise Manager and appliances are sent to an audit log, this is not a finding.
Determine if CounterACT backs up local logs on the Enterprise Manager or appliances at least every seven days onto a different system or system component than the system or component being audited. This requirement may be verified by configuration review.
1. Open the CounterACT Console and select Tools >> Options.
2. Select the "+" next to "Advanced" menu (toward the bottom).
3. Select the “Backup” submenu.
4. On the "System Backup" tab, verify the "Enable System Backup" radio button is selected.
5. Verify the Backup schedule is selected to at least "weekly".
6. On the "Backup Server" tab, verify an external backup server is configured with SFTP or SCP (and appropriate port/protocol requirements).
If the network device does not back up audit records at least every seven days onto a different system or system component than the system or component being audited, this is a finding.
V-76231
False
CACT-NM-000023
If all audit logs for the Enterprise Manager and appliances are sent to an audit log, this is not a finding.
Determine if CounterACT backs up local logs on the Enterprise Manager or appliances at least every seven days onto a different system or system component than the system or component being audited. This requirement may be verified by configuration review.
1. Open the CounterACT Console and select Tools >> Options.
2. Select the "+" next to "Advanced" menu (toward the bottom).
3. Select the “Backup” submenu.
4. On the "System Backup" tab, verify the "Enable System Backup" radio button is selected.
5. Verify the Backup schedule is selected to at least "weekly".
6. On the "Backup Server" tab, verify an external backup server is configured with SFTP or SCP (and appropriate port/protocol requirements).
If the network device does not back up audit records at least every seven days onto a different system or system component than the system or component being audited, this is a finding.
M
3225