← Back to Forescout Network Device Management Security Technical Implementation Guide

V-230960

CAT III (Low)

Forescout must disable the Request Customer Verification setting.

Rule ID

SV-230960r1043177_rule

STIG

Forescout Network Device Management Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000382

Discussion

To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable unused or unnecessary physical and logical ports/protocols on information systems. This option connects to a user verification server at Forescout infrastructure used for verification of customer profiles and must not be used in DoD. If accidentally checked, this must error out.

Check Content

In the Password and Sessions login options, ensure "request customer verification" is not enabled.

1. Log on to the Forescout Administrator UI.
2. From the menu, select Tools >> Options >> CounterACT User Profiles >> Password and Sessions.
3. Ensure the option for "request customer verification" is unchecked.

If the Request Customer Verification setting is enabled, this is a finding.

Fix Text

In the Password and Sessions login options, disable the "request customer verification" option.

1. Log on to the Forescout Administrator UI.
2. From the menu, select Tools >> Options >> CounterACT User Profiles >> Password and Sessions.
3. Ensure the option for "request customer verification" is unchecked.