V-233317 - Forescout Network Access Control Security Technical Implementation Guide

Back to Forescout Network Access Control Security Technical Implementation Guide

When devices fail the policy assessment, Forescout must create a record with sufficient detail suitable for forwarding to a remediation server for automated remediation or sending to the user for manual remediation. This is required for compliance with C2C Step 3.

Severity: Medium

Description

<VulnDiscussion>Notifications sent to the user and/or network administrator informing them of remediation requirements will ensure that action is taken.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check

If DoD is not at C2C Step 3 or higher, this is not a finding. Verify Forescout sends user and/or admin notification of remediation requirements, whether manual or automated. If the NAC does not flag for future manual or automated remediation, devices failing policy assessment that are not automatically remediated either before or during the remote access session, this a finding.

Fix

Log on to the Forescout UI. 1. Within the Policy tab, locate the Compliance policies. 2. Within the policy Sub-Rule, ensure all policies that indicate remediation have been configured to notify the user and/or network administrator of required action.