Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-233324 | FORE-NC-000160 | SV-233324r856510_rule | | Medium |
Description |
---|
Having a separate, secure location for log records is essential to the preservation of logs as required by policy. |
STIG | Date |
---|---|
Forescout Network Access Control Security Technical Implementation Guide | 2023-06-22 |
Check Text (C-36519r811396_chk) |
---|
If DoD is not at C2C Step 1 or higher, this is not a finding. 1. Go to Tools >> Options >> Syslog. 2. Verify a syslog server's IP address is configured. If each Forescout device does not offload log records to a separate device, this is a finding. |
Fix Text (F-36484r605676_fix) |
---|
Configure Syslog server with TCP, as well as configure Syslog to alert if the communication between the Syslog server and the Forescout appliance loses connectivity. 1. Go to Tools >> Options >> Syslog. 2. Click Add/Edit. 3. Configure the Syslog: - Syslog Server IP address - Server Port - Server Protocol set to TCP - Check the Use TLS setting - Configure the Identity, Facility, and Severity. 4. Click "Ok". 5. Click "Apply". |