Forescout must perform continuous detection and tracking of endpoint devices attached to the network. This is required for compliance with C2C Step 1.
An XCCDF Rule
Description
<VulnDiscussion>Continuous scanning capabilities on the NAC provide visibility of devices that are connected to the switch ports. The NAC continuously scans networks and monitors the activity of managed and unmanaged devices, which can be personally owned or rogue endpoints. Because many of today's small devices do not include agents, an agentless discovery is often combined to cover more types of equipment.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-233337r811425_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log on to the Forescout UI.
1. Go to Tools >> Options >> Appliance >> IP Assignment.
2. Enter all IP addresses to be managed in the IP Assignment to enable the continuous monitoring capabilities of Forescout.