Check: FORE-NM-000190
      
      
        
  Forescout Network Device Management STIG:
  FORE-NM-000190
  
    (in versions v2 r3 through v1 r1)
  
      
      
    
  Title
Forescout must prohibit installation of software without explicit privileged permission by only authorized individuals. (Cat II impact)
Discussion
Allowing anyone to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. This requirement applies to code changes and upgrades for all network devices.
Check Content
Determine if the network device prohibits installation of software without explicit privileged status. This requirement may be verified by demonstration or configuration review. 1. From the menu, select Tools >> Options >> User Console and Options. 2. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 3. Check a sampling of users against the current SSP to verify only the users that should have privilege to update software have the Software Upgrade privilege selected. If installation of software is not prohibited without explicit privileged status, this is a finding.
Fix Text
Remove accounts that are not authorized. Do not remove the account of last resort. Compare users with the current SSP and ensure only the users that should have the privilege to update software have the Software Upgrade privilege selected. 1. From the menu, select Tools >> Options >> User Console and Options. 2. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 3. Disable or delete unauthorized users.
Additional Identifiers
Rule ID: SV-230946r1018753_rule
Vulnerability ID: V-230946
Group Title: SRG-APP-000378-NDM-000302
Expert Comments
      
        
        
      
      
        
  CCIs
      
      
        
        
      
    
  | Number | Definition | 
|---|---|
| CCI-001812 | The information system prohibits user installation of software without explicit privileged status. | 
| CCI-003980 | Allow user installation of software only with explicit privileged status. | 
      
        
        
      
      
        
  Controls
      
      
        
        
      
    
  | Number | Title | 
|---|---|
| CM-11(2) | Software Installation with Privileged Status |