| If DoD is not at C2C Step 1 or higher, this is not a finding. |
Use the Forescout Administrator UI to verify a central log server's IP address is configured withing the Syslog configuration settings.
1. Log on to the Forescout UI.
2. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
3. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.
If the NAC does not use TLS 1.2, at a minimum, to protect the confidentiality of information passed between the endpoint agent and the NAC for the purposes of client posture assessment, this is a finding.