← Back to Forescout Network Access Control Security Technical Implementation Guide

V-233334

CAT II (Medium)

Communications between Forescout endpoint agent and the switch must transmit access authorization information via a protected path using a cryptographic mechanism. This is required for compliance with C2C Step 1.

Rule ID

SV-233334r1001245_rule

STIG

Forescout Network Access Control Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-000068

Discussion

Forescout solution assesses the compliance posture of each client and returns an access decision based on configured security policy. The communications associated with this traffic must be protected from alteration and spoofing attacks so unauthorized devices do not gain access to the network.

Check Content

If DOD is not at C2C Step 1 or higher, this is not a finding.

Verify both ends are configured for secure communications between the NAC and NAC agent.

If communication between the NAC and NAC agent does not use an encrypted method for protecting posture information transmitted between the devices, this is a finding.

Fix Text

Log on to the Forescout UI.

1. Select Tools >> Option >> HPS Inspection Engine >> SecureConnector.
2. In the Client-Server Connection, check the Minimum Supported TLS Version is set to TLS version 1.2.