ForeScout CounterACT NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000065-NDM-000214
<GroupDescription></GroupDescription>Group -
For the local account, CounterACT must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
SRG-APP-000068-NDM-000215
<GroupDescription></GroupDescription>Group -
CounterACT must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.
<VulnDiscussion>Display of the DoD-approved use notification before granting access to CounterACT ensures privacy and security notification v...Rule Low Severity -
SRG-APP-000168-NDM-000256
<GroupDescription></GroupDescription>Group -
CounterACT must enforce password complexity by requiring that at least one numeric character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000174-NDM-000261
<GroupDescription></GroupDescription>Group -
CounterACT must enforce a 60-day maximum password lifetime restriction.
<VulnDiscussion>Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals...Rule Medium Severity -
SRG-APP-000165-NDM-000253
<GroupDescription></GroupDescription>Group -
CounterACT must prohibit password reuse for a minimum of five generations.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000164-NDM-000252
<GroupDescription></GroupDescription>Group -
CounterACT must enforce a minimum 15-character password length.
<VulnDiscussion>Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute...Rule Medium Severity -
SRG-APP-000516-NDM-000335
<GroupDescription></GroupDescription>Group -
CounterACT must enforce access restrictions associated with changes to the system components.
<VulnDiscussion>Changes to the hardware or software components of the network device can have significant effects on the overall security of ...Rule Medium Severity -
SRG-APP-000516-NDM-000334
<GroupDescription></GroupDescription>Group -
CounterACT must generate audit log events for a locally developed list of auditable events.
<VulnDiscussion>Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means...Rule Low Severity -
SRG-APP-000516-NDM-000340
<GroupDescription></GroupDescription>Group -
CounterACT appliances performing maintenance functions must restrict use of these functions to authorized personal only.
<VulnDiscussion>There are security-related issues arising from software brought into the network device specifically for diagnostic and repai...Rule High Severity -
CounterACT must support organizational requirements to conduct backups of system-level information contained in the information system when changes occur or weekly, whichever is sooner.
<VulnDiscussion>System-level information includes default and customized settings and security attributes, including ACLs that relate to the ...Rule Medium Severity -
SRG-APP-000516-NDM-000341
<GroupDescription></GroupDescription>Group -
CounterACT must support organizational requirements to conduct backups of information system documentation, including security-related documentation, when changes occur or weekly, whichever is sooner.
<VulnDiscussion>Information system backup is a critical step in maintaining data assurance and availability. Information system and security-...Rule Low Severity -
SRG-APP-000516-NDM-000344
<GroupDescription></GroupDescription>Group -
CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB p...Rule Medium Severity -
SRG-APP-000516-NDM-000344
<GroupDescription></GroupDescription>Group -
CounterACT must obtain its public key certificates from an appropriate certificate policy through an approved service provider.
<VulnDiscussion>For user certificates, each organization obtains certificates from an approved, shared service provider, as required by OMB p...Rule Medium Severity -
SRG-APP-000516-NDM-000333
<GroupDescription></GroupDescription>Group -
CounterACT must enable Threat Protection notifications to alert security personnel to Cyber events detected by a CounterACT IAW CJCSM 6510.01B.
<VulnDiscussion>CJCSM 6510.01B, "Cyber Incident Handling Program", in subsection e.(6)(c) sets forth requirements for Cyber events detected b...Rule Medium Severity -
SRG-APP-000408-NDM-000314
<GroupDescription></GroupDescription>Group -
SRG-APP-000516-NDM-000337
<GroupDescription></GroupDescription>Group -
CounterACT must employ automated mechanisms to centrally apply authentication settings.
<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services i...Rule Medium Severity -
SRG-APP-000142-NDM-000245
<GroupDescription></GroupDescription>Group -
CounterACT must disable all unnecessary and/or nonsecure plugins.
<VulnDiscussion>CounterACT is capable of providing a wide variety of functions and services. Some of the functions and services provided by d...Rule High Severity -
SRG-APP-000190-NDM-000267
<GroupDescription></GroupDescription>Group -
CounterACT must terminate all network connections associated with an Enterprise Manager Console session upon Exit, or session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.
<VulnDiscussion>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take c...Rule Medium Severity -
SRG-APP-000190-NDM-000267
<GroupDescription></GroupDescription>Group -
CounterACT must terminate all network connections associated with an SSH connection session upon Exit, session disconnection, or after 10 minutes of inactivity, except where prevented by documented and validated mission requirements.
<VulnDiscussion>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take c...Rule Medium Severity -
SRG-APP-000231-NDM-000271
<GroupDescription></GroupDescription>Group -
CounterACT must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC).
<VulnDiscussion>If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analys...Rule Medium Severity -
SRG-APP-000373-NDM-000298
<GroupDescription></GroupDescription>Group -
CounterACT must allow only authorized administrators to view or change the device configuration, system files, and other files stored either in the device or on removable media.
<VulnDiscussion>This protection is required to prevent unauthorized alteration, corruption, or disclosure of information when not stored dire...Rule Medium Severity -
SRG-APP-000125-NDM-000241
<GroupDescription></GroupDescription>Group -
If any logs are stored locally which are not sent to the centralized audit server, CounterACT must back up audit records at least every seven days onto a different system or system component than the system or component being audited.
<VulnDiscussion>Protection of log data includes ensuring log data is not accidentally lost or deleted. Regularly backing up audit records to ...Rule Medium Severity -
SRG-APP-000133-NDM-000244
<GroupDescription></GroupDescription>Group -
CounterACT must limit privileges to change the software resident within software libraries.
<VulnDiscussion>Changes to any software components of the network device can have significant effects on the overall security of the network....Rule Medium Severity -
SRG-APP-000169-NDM-000257
<GroupDescription></GroupDescription>Group -
CounterACT must enforce password complexity by requiring that at least one special character be used.
<VulnDiscussion>Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, ...Rule Medium Severity -
SRG-APP-000515-NDM-000325
<GroupDescription></GroupDescription>Group -
CounterACT must sent audit logs to a centralized audit server (i.e., syslog server).
<VulnDiscussion>Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common...Rule Medium Severity -
SRG-APP-000374-NDM-000299
<GroupDescription></GroupDescription>Group -
SRG-APP-000148-NDM-000346
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.