Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233332 | FORE-NC-000270 | SV-233332r611394_rule | Medium |
Description |
---|
Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol. |
STIG | Date |
---|---|
Forescout Network Access Control Security Technical Implementation Guide | 2020-12-11 |
Check Text ( C-36527r605699_chk ) |
---|
Verify Forescout is configured to a list of DoD-approved certificate types and CAs. Verify the TLS session is configured to automatically terminate any session if the client does not have a suitable certificate. For TLS connections, if Forescout is not configured to use TLS 1.2 at a minimum, this is a finding. |
Fix Text (F-36492r605700_fix) |
---|
Log on to the Forescout UI. 1. Select Tools >> Options >> Certificates. 2. Check that in the Ongoing TLS Sessions section, view the Re-verify TLS Sessions. 3. Change the Re-verify TLS Sessions to Every 1 Day or in accordance with the site's SSP, then click "Apply". 4. Next select the HPS Inspection Engine >> SecureConnector. 5. In the Client-Server Connection, ensure the Minimum Supported TLS Version is set to TLS version 1.2. |