An error occurred:

Check: FORE-NM-000200

Forescout Network Device Management STIG: FORE-NM-000200 (in version v1 r1)

Title

Forescout must enforce access restrictions associated with changes to device configuration. (Cat II impact)

Discussion

Failure to provide logical access restrictions associated with changes to device configuration may have significant effects on the overall security of the system. For Forescout, ensure only authorized users have access to user profile permissions. All other admins are blocked from access via the console tools and/or web portal based on permissions set on the Edit user profile.

Check Content

Determine if the network device enforces access restrictions associated with changes to device configuration. 1. Log on to the Forescout Administrator UI with admin or operator credentials. 2. From the menu, select Tools >> Options >> User Console and Options. 3. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 4. Check user against the current SSP and ensure only the users that should have the privilege to make changes have the CounterACT Appliance Configuration; CounterACT Appliance Control; Module Control; Multiple CounterACT Appliance Management; Policy Control; Policy Management; and User Management privileges selected. If the network device does not enforce such access restrictions, this is a finding.

Fix Text

Remove accounts that are not authorized. Do not remove the account of last resort. 1. Log on to the Forescout Administrator UI with admin or operator credentials. 2. From the menu, select Tools >> Options >> User Console and Options. 3. Select (highlight) the user profile to be reviewed (group or user) and then select Edit >> Permissions. 4. Check user against current SSP and ensure only the users that should have privilege to make changes have the CounterACT Appliance Configuration; CounterACT Appliance Control; Module Control; Multiple CounterACT Appliance Management; Policy Control; Policy Management; and User Management privileges selected. 5. Delete or disable unauthorized users.

Additional Identifiers

Rule ID: SV-230947r615886_rule

Vulnerability ID: V-230947

Group Title: SRG-APP-000380-NDM-000304

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001813

The information system enforces access restrictions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-5 (1)

Automated Access Enforcement / Auditing