STIGQter: STIG Summary: ForeScout CounterACT NDM Security Technical Implementation Guide

Version: 1

Release: 1

Benchmark Date: 12 Sep 2017

| Name | Title |
|---|---|
| SV-90881r1_rule | For the local account, CounterACT must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. |
| SV-90883r1_rule | CounterACT must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. |
| SV-90885r1_rule | CounterACT must enforce password complexity by requiring that at least one numeric character be used. |
| SV-90887r1_rule | CounterACT must enforce a 60-day maximum password lifetime restriction. |
| SV-90889r1_rule | CounterACT must prohibit password reuse for a minimum of five generations. |
| SV-90891r1_rule | CounterACT must enforce a minimum 15-character password length. |
| SV-90893r1_rule | CounterACT must enforce access restrictions associated with changes to the system components. |
| SV-90895r1_rule | CounterACT must generate audit log events for a locally developed list of auditable events. |
| SV-90897r1_rule | CounterACT must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner. |
| SV-90899r1_rule | CounterACT must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner. |
| SV-90901r1_rule | CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |
| SV-90903r1_rule | CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider. |
| SV-90905r1_rule | CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B. |
| SV-90907r1_rule | CounterACT appliances performing maintenance functions must restrict use of these functions to authorized personnel only. |
| SV-90909r1_rule | CounterACT must employ automated mechanisms to centrally apply authentication settings. |
| SV-90911r1_rule | CounterACT must disable all unnecessary and/or nonsecure plugins. |
| SV-90913r1_rule | CounterACT must terminate all network connections associated with an Enterprise Manager Console session upon Exit, or session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements. |
| SV-90915r1_rule | CounterACT must terminate all network connections associated with an SSH connection session upon Exit, session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements. |
| SV-90917r1_rule | CounterACT must allow only authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media. |
| SV-90919r1_rule | If any logs are stored locally which are not sent to the centralized audit server, CounterACT must back up audit records at least every seven days onto a different system or system component than the system or component being audited. |
| SV-90921r1_rule | CounterACT must limit privileges to change the software resident within software libraries. |
| SV-90923r1_rule | CounterACT must enforce password complexity by requiring that at least one special character be used. |
| SV-90925r1_rule | CounterACT must send audit logs to a centralized audit server (i.e., syslog server). |
| SV-90927r1_rule | CounterACT must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC). |
| SV-90929r1_rule | CounterACT must be configured to synchronize internal information system clocks with the organization's primary and secondary NTP servers. |
| SV-90931r1_rule | CounterACT must restrict the ability to change the auditing to be performed within the system log based on selectable event criteria to the audit administrators role or to other roles or individuals. |
| SV-90933r1_rule | CounterACT must authenticate any endpoint used for network management before establishing a local, remote, and/or network connection using cryptographically based bidirectional authentication. |
| SV-90935r1_rule | CounterACT must authenticate SNMPv3 endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based. |
| SV-90937r1_rule | In the event the authentication server is unavailable, one local account must be created for use as the account of last resort. |
| SV-90939r1_rule | CounterACT must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded. |
| SV-90941r1_rule | The network device must terminate shared/group account credentials when members leave the group. |
| SV-90943r1_rule | The network device must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management. |
| SV-90945r1_rule | CounterACT must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access. |
| SV-90947r1_rule | CounterACT must compare internal information systems clocks at least every 24 hours with an authoritative time server. |
| SV-90949r1_rule | Administrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort). |
| SV-90951r1_rule | If multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one upper-case character be used. |
| SV-90953r1_rule | If multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one lower-case character be used. |
| SV-90955r1_rule | CounterACT must limit the number of concurrent sessions to an organization-defined number for each administrator account type. |