Check: FORE-NC-000090
Forescout Network Access Control STIG:
FORE-NC-000090
(in versions v1 r2 through v1 r1)
Title
When devices fail the policy assessment, Forescout must create a record with sufficient detail suitable for forwarding to a remediation server for automated remediation or sending to the user for manual remediation. (Cat II impact)
Discussion
Notifications sent to the user and/or network administrator informing them of remediation requirements will ensure that action is taken.
Check Content
Verify Forescout sends user and/or admin notification of remediation requirements, whether manual or automated. If the NAC does not flag, for future manual or automated remediation, devices failing policy assessment that are not automatically remediated either before or during the remote access session, this is a finding.
Fix Text
Log on to the Forescout UI.
1. Within the Policy tab, locate the Compliance policies.
2. Within the policy Sub-Rule, ensure all policies that indicate remediation have been configured to notify the user and/or network administrator of required action.
Additional Identifiers
Rule ID: SV-233317r611394_rule
Vulnerability ID: V-233317
Group Title: SRG-NET-000015-NAC-000110
CCIs
Number | Definition |
---|---|
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies. |
Controls
Number | Title |
---|---|
AC-3 | Access Enforcement |