Forescout must send an alert to the Information System Security Manager (ISSM) and System Administrator (SA), at a minimum, when critical security issues are found that put the network at risk. This is required for compliance with C2C Step 2.

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Forescout must send an alert to the Information System Security Manager (ISSM) and System Administrator (SA), at a minimum, when critical security issues are found that put the network at risk. This is required for compliance with C2C Step 2.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-233316	FORE-NC-000080	SV-233316r811381_rule		Medium

Description
Requiring authentication and authorization of both the user's identity and the identity of the computing device is essential to ensuring a non-authorized person or device has entered the network.

STIG	Date
Forescout Network Access Control Security Technical Implementation Guide	2024-06-10

Details

Check Text ( C-36511r811380_chk )
If DoD is not at C2C Step 2 or higher, this is not a finding. Verify Forescout performs device authentication before policy assessment is performed. If device authentication is not completed prior to the NAC check, this is a finding.

Fix Text (F-36476r605652_fix)
Log on to the Forescout UI. 1. Locate the Authentication & Authorization policy. 2. Ensure the Authentication & Authorization policy happens prior to any NAC check.