STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

ForeScout CounterACT ALG Security Technical Implementation Guide

Version: V1R3
Release Date: Jun 18, 2024
SCAP Benchmark ID: ForeScout_CounterACT_ALG_STIG
Total Checks: 13
Tags: other
Severity counts: CAT I: 1, CAT II: 11, CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.


Checks (13)

  • V-237572 [MEDIUM] CounterACT, when providing user access control intermediary services, must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the network.
  • V-237573 [LOW] CounterACT, when providing user access control intermediary services, must retain the Standard Mandatory DoD-approved Notice and Consent Banner on the screen until users acknowledge the usage conditions and take explicit actions to log on for further access.
  • V-237574 [MEDIUM] CounterACT, when providing user access control intermediary services for publicly accessible applications, must display the Standard Mandatory DoD-approved Notice and Consent Banner before granting access to the system.
  • V-237575 [MEDIUM] CounterACT must send an alert to, at a minimum, the ISSO and SCA when an audit processing failure occurs.
  • V-237576 [MEDIUM] If user authentication services are provided, CounterACT must be configured with a pre-established trust relationship and mechanisms with a central directory service that validates user account access authorizations and privileges.
  • V-237577 [MEDIUM] If user authentication services are provided, CounterACT must restrict user authentication traffic to specific authentication server(s).
  • V-237578 [MEDIUM] CounterACT, when providing user authentication intermediary services, must implement replay-resistant authentication mechanisms for network access to non-privileged accounts.
  • V-237579 [MEDIUM] CounterACT must off-load audit records onto a centralized log server.
  • V-237580 [MEDIUM] CounterACT, when providing user authentication intermediary services, must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.
  • V-237581 [MEDIUM] CounterACT, when providing user authentication intermediary services, must implement multifactor authentication for remote access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
  • V-237582 [MEDIUM] CounterACT must off-load audit records onto a centralized log server in real time.
  • V-237583 [MEDIUM] CounterACT must use an Enterprise Manager or other high availability solution to ensure redundancy in case of audit failure in this critical network access control and security service.
  • V-265638 [HIGH] The version of ForeScout CounterAct must be a supported version.