If a device requesting access fails Forescout policy assessment, Forescout must communicate with other components and the switch to either terminate the session or isolate the device from the trusted network for remediation. This is required for compliance with C2C Step 3.
An XCCDF Rule
Description
Endpoints with identified security flaws and weaknesses endanger the network and other devices on it. Isolation or termination prevents traffic from these endpoints from flowing alongside traffic from endpoints that have been fully assessed and authorized.
Documentable: false
- ID: SV-233312r811373_rule
- Severity: High
Remediation - Manual Procedure
Use the Forescout Administrator UI to configure policies according to the SSP to filter assessed devices based on risk. Ensure the policies remediate or segment the at-risk devices according to the SSP.
1. In the Forescout UI, go to the Policy Tab >> Compliance Policies.
2. Select a policy, then click Edit.
3. Configure the Compliance Policies to include any of the following actions:
- Terminate the connection and place the device on a blacklist to prevent future connection attempts until action is taken to remove the device from the blacklist.