CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-76217 | CACT-NM-000009 | SV-90905r1_rule | Medium |
| Description |
|---|
| CJCSM 6510.01B, "Cyber Incident Handling Program", in subsection e.(6)(c) sets forth requirements for Cyber events detected by an automated system. By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. |
| STIG | Date |
|---|---|
| ForeScout CounterACT NDM Security Technical Implementation Guide | 2017-09-19 |
Details
| Check Text ( C-75903r1_chk ) |
|---|
| Verify Threat Protection notifications are enabled and configured. 1. Select Tools >> Options >> Threat Protection. 2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab. 3. Verify the Maximum emails per day is set to "15" and infected host notification is set to 1 hour. If CounterACT does not enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B, this is a finding. |
| Fix Text (F-82853r1_fix) |
|---|
| Enable and configure Threat Protection notifications. 1. Select Tools >> Options >> Threat Protection. 2. At the bottom of the Threat Protection pane, select "Customer" and then select the "Notify" tab. 3. Modify the Maximum emails per day to "15" and infected host notification to 1 hour. |