STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Forescout Network Device Management Security Technical Implementation Guide

V-230955

CAT II (Medium)

Forescout must generate log records for a locally developed list of auditable events.

Rule ID

SV-230955r961863_rule

STIG

Forescout Network Device Management Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000169, CCI-000366

Discussion

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource utilization or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

Check Content

Verify the syslog triggers are configured in accordance with SSP requirements.

1. Log on to Forescout Administrator UI with admin or operator credentials. 
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Syslog Triggers.
3. Ensure the proper NAC events and System Logs and Events are selected in compliance with the SSP. 

If Forescout does not generate log records for a locally developed list of auditable events, this is a finding.

Fix Text

Configure Forescout auditing messages to ensure auditing is comprehensible for monitoring and analysis. 

1. Log on to Forescout Administrator UI with admin or operator credentials. 
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Syslog Triggers. 
3. Ensure the proper NAC events and System Logs and Events are selected.