Forescout Network Device Management Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000169-NDM-000257
Group -
Forescout must enforce password complexity by requiring that at least one special character be used.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...Rule Medium Severity -
SRG-APP-000170-NDM-000329
Group -
SRG-APP-000179-NDM-000265
Group -
Forescout must use FIPS 140-2 approved algorithms for authentication to a cryptographic module.
Unapproved mechanisms used for authentication to the cryptographic module are not validated and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromi...Rule High Severity -
SRG-APP-000190-NDM-000267
Group -
SRG-APP-000231-NDM-000271
Group -
SRG-APP-000516-NDM-000350
Group -
Forescout must be configured to send log data to a central log server for the purpose of forwarding alerts to the administrators and the Information System Security Officer (ISSO).
The aggregation of log data kept on a syslog server can be used to detect attacks and trigger an alert to the appropriate security personnel. The stored log data can be used to detect weaknesses in...Rule High Severity -
Forescout must be configured with only one web account and one CLI account of last resort with limited access and used only when the authentication server is unavailable.
Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created on the device's local database for use when the authentication server i...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.