Forescout Network Access Control STIG Version Comparison
Forescout Network Access Control Security Technical Implementation Guide
Comparison
There are 10 differences between versions v1 r4 (July 26, 2023) (the "left" version) and v2 r2 (Oct. 24, 2024) (the "right" version).
Check FORE-NC-000150 was removed from the benchmark in the "right" version. The text below reflects the old wording.
Text Differences
Title
Forescout must be configured to log records onto a centralized events server. This is required for compliance with C2C Step 1.
Check Content
If DoD is not at C2C Step 1 or higher, this is not a finding.
1. Go to Tools >> Options >> Syslog.
2. Verify that a central log server's IP address is configured.
If Forescout is not configured to log records onto a centralized events server, this is a finding.
Discussion
Maintaining an established, connection-oriented audit record is essential to retaining audit logs in accordance with DoD requirements.
Fix
Configure the Syslog server to use TCP, and configure Syslog to alert if the connection between the Syslog server and the Forescout appliance is lost.
1. Go to Tools >> Options >> Syslog.
2. Click Add/Edit.
3. Configure the Syslog entry:
- Syslog Server IP address
- Server Port
- Server Protocol set to TCP
- Check the Use TLS setting
- Configure the Identity, Facility, and Severity
4. Click "Ok".
5. Click "Apply".
Note: A secondary syslog server is required to fully meet this requirement (covered in the NDM STIG). Use the same instructions to configure a second syslog server.