Forescout must use TLS 1.2, at a minimum, to protect the confidentiality of information passed between the endpoint agent and Forescout for the purposes of client posture assessment. This is required for compliance with C2C Step 1.

An XCCDF Rule

Description

Using older unauthorized versions or incorrectly configuring protocol negotiation makes the gateway vulnerable to known and unknown attacks that exploit vulnerabilities in this protocol.

ID: SV-233332r811414_rule
Version: FORE-NC-000270
Severity: Medium
References: CCI-000068
Updated: about 2 months ago

Remediation Templates

Configure the SecureConnector to ensure the minimum supported TLS version is set to TLS 1.2.

Log on to the Forescout UI.

1. Select Tools >> Options >> Certificates.
2. Check the Ongoing TLS Sessions section, view the Re-verify TLS Sessions.3. Change the Re-verify TLS Sessions to Every 1 Day or in accordance with the site's SSP, then click "Apply".
4. Next, select the HPS Inspection Engine >> SecureConnector.
5. In the Client-Server Connection, ensure the Minimum Supported TLS Version is set to TLS version 1.2.

Forescout must use TLS 1.2, at a minimum, to protect the confidentiality of information passed between the endpoint agent and Forescout for the purposes of client posture assessment. This is required for compliance with C2C Step 1.

Description

Remediation Templates

A Manual Procedure