In the event the authentication server is unavailable, one local account must be created for use as the account of last resort.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-76249	CACT-NM-000027	SV-90937r1_rule		Medium

Description
Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created on CounterACT's local database for use in an emergency, such as when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is referred to as the account of last resort since the emergency administration account is strictly intended to be used only as a last resort when immediate administrative access is absolutely necessary. The number of local accounts is restricted to one. The username and password for the emergency account is contained within a sealed envelope kept in a safe. All other users/groups should leverage the external directory. Remove any other accounts using Single-Local. The default admin account may be used to fulfill this requirement (requires DoD compliant password or cryptographically generated shared secret).

Description

Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created on CounterACT's local database for use in an emergency, such as when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is referred to as the account of last resort since the emergency administration account is strictly intended to be used only as a last resort when immediate administrative access is absolutely necessary. The number of local accounts is restricted to one. The username and password for the emergency account is contained within a sealed envelope kept in a safe. All other users/groups should leverage the external directory. Remove any other accounts using Single-Local. The default admin account may be used to fulfill this requirement (requires DoD compliant password or cryptographically generated shared secret).

STIG	Date
ForeScout CounterACT NDM Security Technical Implementation Guide	2017-09-19

Details

Check Text ( C-75935r1_chk )
Verify that only one local account exists and it has full administrator privileges. 1. Log on to the CounterACT Administrator UI. 2. From the menu, select Tools >> Options >> User Console and Options. If more than one local user account exists, this is a finding.

Fix Text (F-82885r1_fix)
Create a local account with full administrator privileges to be used as the account of last resort. The default admin account may be used to fulfill this requirement. 1. Log on to the CounterACT Administrator UI. 2. From the menu, select Tools >> Options >> User Console and Options. Remove unneeded accounts, if any.