Forescout must be configured to use Coordinated Universal Time (UTC).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-230945 | FORE-NM-000170 | SV-230945r1111875_rule | Medium |
| Description |
| If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. |
| STIG | Date |
| Forescout Network Device Management Security Technical Implementation Guide | 2025-06-12 |
Details
| Check Text (C-33875r1111873_chk) |
| Determine if Forescout records time stamps for log records that can be mapped to UTC. This requirement may be verified by demonstration or configuration review. Note: Updating time preferences will force Forescout into maintenance mode and the service must be restarted. Use a scheduled outage for planned maintenance and stop Forescout service prior to adjusting time settings. 1. From the CLI run "fstool tz". 2. Type "yes" to change the timezone. 3. Type "2" for GMT offset. 4. Type "0" to enter the offiset (GMT 0 is equal to UTC time). 5. Ensure the Local time and Universal time match and type "yes" to continue. 6. Type "yes" to reboot. If Forescout does not record time stamps for log records that can be mapped to UTC, this is a finding. |
| Fix Text (F-33848r1111874_fix) |
| Remove accounts that are not authorized. Do not remove the account of last resort. 1. Log on to the Forescout Administrator UI with admin or operator credentials. 2. From the menu, select Tools >> Options >> CounterAct User Profiles. 3. Select (highlight) the user profile to be reviewed (group or user) and then select "Remove". 4. Remove any applicable external group membership or individual users on the external directory service. |