Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233323 | FORE-NC-000150 | SV-233323r856509_rule | | Medium |
Description |
---|
Keeping an established, connection-oriented audit record is essential to keeping audit logs in accordance with DoD requirements. |
STIG | Date |
---|---|
Forescout Network Access Control Security Technical Implementation Guide | 2023-06-22 |
Check Text (C-36518r811394_chk) |
---|
If DoD is not at C2C Step 1 or higher, this is not a finding. 1. Go to Tools >> Options >> Syslog. 2. Verify a central log server's IP address is configured. If Forescout is not configured to log records onto a centralized events server, this is a finding. |
Fix Text (F-36483r605673_fix) |
---|
Configure the Syslog server with TCP, and configure Syslog to alert if communication between the Syslog server and the Forescout appliance is lost. 1. Go to Tools >> Options >> Syslog. 2. Click Add/Edit. 3. Configure the Syslog: - Syslog Server IP address - Server Port - Server Protocol set to TCP - Check the Use TLS setting - Configure the Identity, Facility, and Severity. 4. Click "Ok". 5. Click "Apply". Note: A secondary syslog server is required to fully meet this requirement (covered in NDM STIG). Use the same instructions to configure a second syslog. |