UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Forescout must enforce the revocation of endpoint access authorizations when devices are removed from an authorization group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233320 FORE-NC-000120 SV-233320r611394_rule Medium
Description
Ensuring the conditions that are configured in policy have proper time limits set to reflect changes will allow for proper access. This will help to validate that authorized individuals have proper access.
STIG Date
Forescout Network Access Control Security Technical Implementation Guide 2020-12-11

Details

Check Text ( C-36515r605663_chk )
Verify Forescout admission policy has been configured to revoke access to endpoints that have not met or are removed from the authorized group.

If Forescout is not configured with an admissions policy that enforces the revocation of endpoint access authorizations based on when devices are removed from an authorization group, this is a finding.
Fix Text (F-36480r605664_fix)
Log on to the Forescout UI.

From the Policy tab, check that the authorization policy has a Block Action enabled on any devices that have not met or are removed from the authorized group.