STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Forescout Network Device Management Security Technical Implementation Guide

V-230943

CAT III (Low)

The Forescout must configure a remote syslog where audit records are stored on a centralized logging target that is different from the system being audited.

Rule ID

SV-230943r1111869_rule

STIG

Forescout Network Device Management Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity.

Check Content

Verify the syslog.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click the IP address of the site's centralized syslog server.
4. Verify Identity, Facility, and Severity, as required by the SSP, are configured.

If the site's syslog server is not configured, this is a finding.

Fix Text

Configure the syslog.

1. Log on to Forescout Administrator UI with admin or operator credentials.
2. From the menu, select Tools >> Options >> Modules >> Syslog >> Send Events To.
3. Click "Add".
4. Enter the IP address of the site's centralized syslog.
5. Configure Identity, Facility, and Severity as required by the SSP.