Title

When devices fail the policy assessment, Forescout must create a record with sufficient detail suitable for forwarding to a remediation server for automated remediation or sending to the user for manual remediation. This is required for compliance with C2C Step 3. (Cat II impact)

Discussion

Notifications sent to the user and/or network administrator informing them of remediation requirements will ensure that action is taken.

Check Content

If DoD is not at C2C Step 3 or higher, this is not a finding. Verify Forescout sends user and/or admin notification of remediation requirements, whether manual or automated. If the NAC does not flag for future manual or automated remediation, devices failing policy assessment that are not automatically remediated either before or during the remote access session, this a finding.

Fix Text

Log on to the Forescout UI. 1. Within the Policy tab, locate the Compliance policies. 2. Within the policy Sub-Rule, ensure all policies that indicate remediation have been configured to notify the user and/or network administrator of required action.

Additional Identifiers

Rule ID: SV-233317r811383_rule

Vulnerability ID: V-233317

Group Title: SRG-NET-000015-NAC-000110

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.