
Communications between Forescout endpoint agent and the switch must transmit access authorization information via a protected path using a cryptographic mechanism.


Overview

Finding ID: V-233334
Version: FORE-NC-000290
Rule ID: SV-233334r611394_rule
IA Controls:
Severity: Medium
Description
Forescout solution assesses the compliance posture of each client and returns an access decision based on configured security policy. The communications associated with this traffic must be protected from alteration and spoofing attacks so unauthorized devices do not gain access to the network.
STIG: Forescout Network Access Control Security Technical Implementation Guide
Date: 2020-12-11

Details

Check Text ( C-36529r605705_chk )
Verify both ends are configured for secure communications between the NAC and NAC agent.

If communication between the NAC and NAC agent does not use an encrypted method for protecting posture information transmitted between the devices, this is a finding.
Fix Text (F-36494r605706_fix)
Log on to the Forescout UI.

1. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
2. In the Client-Server Connection, check that the Minimum Supported TLS Version is set to TLS version 1.2.