ForeScout CounterACT NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000317-NDM-000282
<GroupDescription></GroupDescription>Group -
The network device must terminate shared/group account credentials when members leave the group.
<VulnDiscussion>A shared/group account credential is a shared form of authentication that allows multiple individuals to access the network d...Rule Medium Severity -
SRG-APP-000516-NDM-000338
<GroupDescription></GroupDescription>Group -
The network device must be configured to use a centralized authentication server to authenticate privileged users for remote and nonlocal access for device management.
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services i...Rule Low Severity -
SRG-APP-000069-NDM-000216
<GroupDescription></GroupDescription>Group -
CounterACT must retain the Standard Mandatory DoD Notice and Consent Banner on the screen until the administrator acknowledges the usage conditions and takes explicit actions to log on for further access.
<VulnDiscussion>The administrator must acknowledge the banner prior to CounterACT allowing the administrator access to CounterACT. This provi...Rule Low Severity -
SRG-APP-000371-NDM-000296
<GroupDescription></GroupDescription>Group -
CounterACT must compare internal information systems clocks at least every 24 hours with an authoritative time server.
<VulnDiscussion>Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the cor...Rule Medium Severity -
SRG-APP-000516-NDM-000336
<GroupDescription></GroupDescription>Group -
Administrative accounts for device management must be configured on the authentication server and not the network device itself (except for the account of last resort).
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services i...Rule Medium Severity -
SRG-APP-000166-NDM-000254
<GroupDescription></GroupDescription>Group -
If multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one upper-case character be used.
<VulnDiscussion>Use of a complex passwords helps to increase the time and resources required to compromise the password. Password complexity,...Rule Medium Severity -
SRG-APP-000167-NDM-000255
<GroupDescription></GroupDescription>Group -
If multifactor authentication is not supported and passwords must be used, CounterACT must enforce password complexity by requiring that at least one lower-case character be used.
<VulnDiscussion>Some devices may not have the need to provide a group authenticator; this is considered a matter of device design. In those i...Rule Medium Severity -
SRG-APP-000001-NDM-000200
<GroupDescription></GroupDescription>Group -
CounterACT must limit the number of concurrent sessions to an organization-defined number for each administrator account type.
<VulnDiscussion>Network device management includes the ability to control the number of administrators and management sessions that manage a ...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.