UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Forescout must generate a critical alert to be sent to the Information System Security Officer (ISSO) and Systems Administrator (SA) (at a minimum) in the event of an audit processing failure. This is required for compliance with C2C Step 1.


Overview

Finding ID Version Rule ID IA Controls Severity
V-233325 FORE-NC-000170 SV-233325r856511_rule Medium
Description
Ensuring that a security solution alerts in the event of misconfiguration or error is imperative to ensuring that proper auditing is being conducted. Having the ability to immediately notify an administrator when this auditing fails allows for a quick response and real-time remediation.
STIG Date
Forescout Network Access Control Security Technical Implementation Guide 2024-06-10

Details

Check Text ( C-36520r811398_chk )
If DoD is not at C2C Step 1 or higher, this is not a finding.

Verify Forescout sends an alert to the proper security personnel when an audit process failure occurs.

1. Log on to the Forescout UI.
2. Locate the audit process policies as identified by the site representative.
3. Verify a policy for "audit failure" exists.
4. Verify this policy includes notification of security personnel.

If Forescout does not send an alert when an audit processing failure occurs, this is a finding.
Fix Text (F-36485r605679_fix)
Log on to the Forescout UI.

1. Locate the audit process policies as identified by the site representative.
2. Configure a policy for audit failure to include the notification of security personnel. This could also include sending a balloon message, notification, or email.