Skip to content
Log In

Forescout Network Access Control Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000015-NAC-000110

    Group
    Show

  • When devices fail the policy assessment, Forescout must create a record with sufficient detail suitable for forwarding to a remediation server for automated remediation or sending to the user for manual remediation. This is required for compliance with C2C Step 3.

    Notifications sent to the user and/or network administrator informing them of remediation requirements will ensure that action is taken.
    Rule Medium Severity
    Show

  • SRG-NET-000015-NAC-000120

    Group
    Show

  • Forescout must place client machines on a blacklist or terminate network communications on devices when critical security issues are found that put the network at risk. This is required for compliance with C2C Step 4.

    Devices that are found to have critical security issues place the network at risk if they are allowed to continue communications. Policy actions should be in place to terminate or restrict network ...
    Rule High Severity
    Show

  • SRG-NET-000015-NAC-000130

    Group
    Show

  • SRG-NET-000321-NAC-001210

    Group
    Show

  • Forescout must enforce the revocation of endpoint access authorizations when devices are removed from an authorization group. This is required for compliance with C2C Step 4.

    Ensuring the conditions that are configured in policy have proper time limits set to reflect changes will allow for proper access. This will help to validate that authorized individuals have proper...
    Rule Medium Severity
    Show

  • SRG-NET-000322-NAC-001220

    Group
    Show

  • SRG-NET-000322-NAC-001230

    Group
    Show

  • Forescout must deny or restrict access for endpoints that fail critical endpoint security checks. This is required for compliance with C2C Step 4.

    Devices that do not meet minimum-security configuration requirements pose a risk to the DOD network and information assets. Endpoint devices must be disconnected or given limited access as designa...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules