STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Forescout Network Access Control Security Technical Implementation Guide

V-233337

CAT II (Medium)

Forescout must perform continuous detection and tracking of endpoint devices attached to the network. This is required for compliance with C2C Step 1.

Rule ID

SV-233337r811425_rule

STIG

Forescout Network Access Control Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000366

Discussion

Continuous scanning capabilities on the NAC provide visibility of devices that are connected to the switch ports. The NAC continuously scans networks and monitors the activity of managed and unmanaged devices, which can be personally owned or rogue endpoints. Because many of today's small devices do not include agents, an agentless discovery is often combined to cover more types of equipment.

Check Content

If DoD is not at C2C Step 1 or higher, this is not a finding.

Verify the NAC performs continuous detection and tracking of endpoint devices attached to the network.

1. Log on to the Forescout UI.
2. Go to Tools >> Options >> Appliance >> IP Assignment.
3. Check that all IP addresses that should be managed are within the IP Assignments as required by the SSP.

If the NAC does not perform continuous detection and tracking of endpoint devices attached to the network, this is a finding.

Fix Text

Log on to the Forescout UI.

1. Go to Tools >> Options >> Appliance >> IP Assignment.
2. Enter all IP addresses to be managed in the IP Assignment to enable the continuous monitoring capabilities of Forescout.