Check: CACT-NM-000009
ForeScout CounterACT NDM STIG:
CACT-NM-000009
(in version v1 r1)
Title
CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B. (Cat II impact)
Discussion
CJCSM 6510.01B, "Cyber Incident Handling Program", in subsection e.(6)(c) sets forth requirements for Cyber events detected by an automated system. By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device.
Check Content
Verify Threat Protection notifications are enabled and configured. 1. Select Tools >> Options >> Threat Protection. 2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab. 3. Verify the Maximum emails per day is set to "15" and infected host notification is set to 1 hour. If CounterACT does not enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B, this is a finding.
Fix Text
Enable and configure Threat Protection notifications. 1. Select Tools >> Options >> Threat Protection. 2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab. 3. Modify the Maximum emails per day to "15" and infected host notification to 1 hour.
Additional Identifiers
Rule ID: SV-90905r1_rule
Vulnerability ID: V-76217
Group Title: SRG-APP-000516-NDM-000333
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
CCI-001274 |
The organization employs automated mechanisms to alert security personnel of organization-defined inappropriate or unusual activities with security implications. |