Check: FORE-NC-000210
Forescout Network Access Control STIG:
FORE-NC-000210
(in version v1 r2)
Title
Forescout must reveal error messages only to the Information System Security Officer (ISSO), Information System Security Manager (ISSM), and System Administrator (SA). (Cat II impact)
Discussion
Ensuring the proper amount of information is provided to the Security Management staff is imperative to ensure role based access control. Only those individuals that need to know about a security error of an application need to be notified of the error.
Check Content
Use the Forescout Administrator UI to verify only individuals authorized by the SSP are configured to recieve error messages. 1. Log on to the Forescout UI. 2. Within the highlighted policy, under the Actions section, select a configured action to view. 3. Find the Notify section and verify that only authorized individuals (IAW the SSP) are configured for the following: - HTTP Notification - Send Email - Send Notification If Forescout error messages can be viewed by unauthorized users other than the security personnel that have a need to know, this is a finding.
Fix Text
Use the Forescout Administrator UI to configure the individuals authorized by the SSP to recieve error messages. 1. Log on to the Forescout UI. 2. Within the highlighted policy, under the Actions section, select "Add" or "Edit". 3. Find the Notify section and select from any one of the below options for notifying authorized (IAW SSP) personnel: - HTTP Notification - Send Email - Send Notification
Additional Identifiers
Rule ID: SV-233328r803508_rule
Vulnerability ID: V-233328
Group Title: SRG-NET-000273-NAC-000970
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001312 |
The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. |
Controls
Number | Title |
---|---|
SI-11 |
Error Handling |