
Forescout must be configured to apply dynamic ACLs that restrict the use of ports when non-entity endpoints are connected using MAC Authentication Bypass (MAB).


Overview

Finding ID: V-233327
Version: FORE-NC-000190
Rule ID: SV-233327r611394_rule
IA Controls: (none listed)
Severity: Medium
Description
MAB is only one way of connecting non-entity endpoints, and it can be defeated by spoofing the MAC address of a device that is assumed to be authorized: once the spoofed address matches an entry in the MAB list, the attacker's device gains access to the network. Restricting the ports a MAB-connected endpoint may use limits what such a spoofed device can reach. Non-person entity (NPE) devices that can support PKI or another approved authentication type must use PKI; MAB may be used only for NPE devices that cannot support an approved device authentication method. Non-entity endpoints include Internet of Things (IoT) devices, VoIP phones, and printers.
STIG: Forescout Network Access Control Security Technical Implementation Guide
Date: 2020-12-11

Details

Check Text ( C-36522r605684_chk )
Verify Forescout applies dynamic ACLs that restrict the use of ports when non-entity endpoints are connected using MAC Address Repository (MAR).

If the NAC does not apply dynamic ACLs that restrict the use of ports when non-entity endpoints are connected using MAR, this is a finding.
Fix Text (F-36487r605685_fix)
Log on to the Forescout UI.

1. In the Policy tab, locate the Authentication and Authorization policy set.
2. Select a policy that identifies non-entity endpoints. Highlight the policy, then select "Edit".
3. From the Sub-Rules section, ensure that when a device is added to the MAR, the policy also applies one of the following actions:
- Access Port ACL
- Endpoint Address ACL
- WLAN Role
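The following is an added illustration of what a port-restricting dynamic ACL for a MAB-connected endpoint looks like, together with the check a reviewer would run against it. It is example code written for this page, not Forescout's own code, policy syntax or API: the device classes, their per-class port allow-lists, the MAR entry structure and the Cisco IOS extended-ACL output format are all assumptions chosen for illustration. The point it demonstrates is the one in the description above: a MAB-only device is trusted on nothing more than a spoofable MAC address, so the ACL it receives should permit only the ports its device class needs and explicitly deny everything else.

```python
"""Illustrative per-endpoint dynamic ACL generator and restrictiveness check
for MAB-authenticated non-entity endpoints (printer, VoIP phone, IoT device).

Added example, not Forescout's own code or policy syntax. The device classes,
port allow-lists, MAR entry fields and the Cisco IOS extended-ACL style output
are assumptions for illustration only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed per-class allow-lists as (protocol, destination port). Kept narrow on
# purpose: a spoofed MAC that lands in a class only gains that class's ports.
CLASS_PORTS = {
    "printer": [("tcp", 9100), ("tcp", 631), ("udp", 161)],    # raw print, IPP, SNMP
    "voip_phone": [("udp", 5060), ("tcp", 5061), ("udp", 69)],  # SIP, SIP/TLS, TFTP
    "iot": [("tcp", 8883)],                                     # MQTT over TLS
}

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


@dataclass
class MarEntry:
    """Assumed shape of one MAC Address Repository entry (constructed for the example)."""
    mac: str
    ip: str
    device_class: str


def endpoint_acl(entry: MarEntry, name: Optional[str] = None) -> List[str]:
    """Build an Endpoint Address ACL for one MAR entry.

    Only the ports for the entry's device class are permitted from the
    endpoint's address; the ACL ends with an explicit, logged deny so that
    anything else the (possibly spoofed) device attempts is dropped and visible.
    """
    mac = entry.mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {entry.mac!r}")
    if entry.device_class not in CLASS_PORTS:
        raise ValueError(f"unknown device class: {entry.device_class!r}")
    name = name or "MAB_" + mac.replace(":", "")
    lines = [f"ip access-list extended {name}"]
    for proto, port in CLASS_PORTS[entry.device_class]:
        lines.append(f" permit {proto} host {entry.ip} any eq {port}")
    lines.append(f" deny ip host {entry.ip} any log")
    return lines


def acl_is_restrictive(lines: List[str]) -> bool:
    """Check corresponding to the STIG verification step.

    An ACL counts as port-restricting only if every permit names a specific
    port (no blanket 'permit ip' or port-less permit) and the last entry is an
    explicit deny. Returns False for an empty or open ACL.
    """
    body = [line.strip() for line in lines[1:]]
    if not body or not body[-1].startswith("deny ip"):
        return False
    for rule in body[:-1]:
        if rule.startswith("permit ip"):
            return False
        if rule.startswith("permit") and " eq " not in rule:
            return False
    return True


def review_mar(entries: List[MarEntry]) -> List[Tuple[str, bool]]:
    """Generate an ACL per MAR entry and report whether each one is restrictive."""
    return [(e.mac, acl_is_restrictive(endpoint_acl(e))) for e in entries]


if __name__ == "__main__":
    # Constructed sample MAR entries for a stand-alone run.
    sample = [
        MarEntry("00:11:22:aa:bb:cc", "10.20.30.40", "printer"),
        MarEntry("00:11:22:aa:bb:dd", "10.20.30.41", "voip_phone"),
    ]
    for entry in sample:
        print("\n".join(endpoint_acl(entry)))
    print(review_mar(sample))
```

`review_mar` is the piece that maps onto the check text: a finding is any MAB/MAR-connected endpoint whose generated ACL does not come back restrictive, and a blanket `permit ip host ... any` for an endpoint class is exactly the shape of ACL the check is meant to catch.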