
Forescout must place client machines on the blacklist and terminate Forescout agent connection when critical security issues are found that put the network at risk.


Overview

Finding ID: V-233318
Version: FORE-NC-000100
Rule ID: SV-233318r611394_rule
IA Controls:
Severity: High
Description
If a device communicates outside of its normal required communication, this could be suspect traffic and should be stopped and proper individuals notified immediately.
STIG: Forescout Network Access Control Security Technical Implementation Guide
Date: 2020-12-11

Details

Check Text (C-36513r605657_chk)
Check Forescout policy to ensure that any device with a critical security issue is checked through a security policy and an action is taken to either blacklist it or terminate communication with other network devices.

If the NAC does not immediately place the device on the blacklist and terminate the connection when critical security issues are found that put the network at immediate risk, this is a finding.
Fix Text (F-36478r605658_fix)
Log in to the Forescout UI.

1. From the Policy tab, identify a Compliance policy.
2. Within the Compliance policy, under Sub-Rule for a device with critical security issues, ensure that an action that Adds Device to Blacklist and/or Disables Device is enabled.