ForeScout CounterACT NDM Security Technical Implementation Guide

SRG-APP-000125-NDM-000241

If any logs are stored locally which are not sent to the centralized audit server, CounterACT must back up audit records at least every seven days onto a different system or system component than the system or component being audited.

SRG-APP-000133-NDM-000244

CounterACT must limit privileges to change the software resident within software libraries.

SRG-APP-000169-NDM-000257

CounterACT must enforce password complexity by requiring that at least one special character be used.

SRG-APP-000515-NDM-000325

CounterACT must sent audit logs to a centralized audit server (i.e., syslog server).

SRG-APP-000374-NDM-000299

SRG-APP-000148-NDM-000346

CounterACT must be configured to synchronize internal information system clocks with the organizations primary and secondary NTP servers.

SRG-APP-000353-NDM-000292

CounterACT must restrict the ability to change the auditing to be performed within the system log based on selectable event criteria to the audit administrators role or to other roles or individuals.

SRG-APP-000395-NDM-000310

CounterACT must authenticate any endpoint used for network management before establishing a local, remote, and/or network connection using cryptographically based bidirectional authentication.

SRG-APP-000395-NDM-000310

CounterACT must authenticate SNMPv3 endpoint devices before establishing a local, remote, and/or network connection using bidirectional authentication that is cryptographically based.

In the event the authentication server is unavailable, one local account must be created for use as the account of last resort.

SRG-APP-000345-NDM-000290

CounterACT must automatically lock the account until the locked account is released by an administrator when three unsuccessful logon attempts in 15 minutes are exceeded.