Government/DoD Solutions Network Access Solutions

ForeScout CounterACT is a network security appliance ideally suited to help government and DoD agencies control network access, protect sensitive data, and comply with regulations. The solution is also easy to procure given its presence on various government contracts, including GSA.

Government

Government agencies have several unique characteristics that make network security very challenging:

• Size. Large numbers of people, spread over wide geographies.
• Connectivity. Government agencies often need to connect their networks to other public and private networks that are not completely trusted.
• Heterogeneity. Because of government bidding requirements, government networks are typically comprised of equipment from multiple vendors.
• Shared resources. Government agencies will often share their office space with other agencies and non-governmental entities. Physical control of the environment is not possible.
• Heightened need for security. State secrets and other extremely confidential information must be protected.

ForeScout CounterACT addresses each of these challenges.

• Scalability. ForeScout CounterACT has more large deployments than any other network access control solution.
• Compatibility. ForeScout CounterACT is an out-of-band, network-based appliance that works with your existing network infrastructure - no switch upgrades, no network reconfigurations. CounterACT integrates with all major enterprise switches, both 802.1x and non-802.1x.
• Role-based access. ForeScout NAC ensures that only the right people with the right devices gain access to the right network resources. ForeScout leverages user identity role assignments as used by your existing directory services. .

Government agencies that deploy ForeScout CounterACT are able to:

• Keep networks protected from the use of rogue devices, users, and unwanted applications. Read more here.
• Secure networks against internal attack and data leakage. Read more here.
• Enforce compliance with existing security policy. Read more here.
• Protect sensitive data through flexible and highly granular access control. Read more here.

ForeScout CounterACT has an existing common criteria certification at EAL2 with EAL4+ in progress, and is also FIPS 140-2 Level II compliant.

CounterACT helps agencies comply with internal government regulations such as FISMA and NERC. Additionally, many government institutions by their very nature must comply with the same regulations that apply to private business, for example:

• Department of Health and Human Services, National Centers for Disease Control (CDC): HIPAA, HITECH Act
• State-owned credit unions, municipal bond holders: GLBA
• Department of Education: FERPA
• Federal Trade Commission: FTC (Red Flags Rule)

For more detail on how ForeScout CounterACT helps you comply with data protection legislation, see here.

Military / DoD

In the United States, all Department of Defense (DoD) networks and their connecting networks are required to have an advanced level of network access control, one that controls access at the switch-port. This requirement is outlined in the Security Technical Implementation Guide (STIG) that was released by the United States Defense Information Systems Agency (DISA) in December 2008. Additional information about this requirement is located here:

• Read the MIT STIG Article.
• Read the STIG.

DoD networks also must comply with Information Assurance Vulnerability Alerts (IAVA) standards and FISMA regulations. ForeScout CounterACT can help with both.

ForeScout CounterACT is a military-grade security system, ideally suited to protect the network infrastructure of the U.S. Department of Defense (DoD), military contractors and suppliers. Many CounterACT capabilities were designed specifically to meet DoD requirements. The capabilities include:

• Meets DISA STIG requirements for port-based network access control without 802.1x. Read the press release and datasheet.
• Listed on the United States Army Information Assurance Approved Products List (AIAAPL).
• Blocks unauthorized devices (e.g. USB memory sticks) and applications (e.g. P2P) from all computers on the network. Read the press release and datasheet.
• Ensures IAVA compliance. ForeScout CounterACT works with products from eEye Digital Security to deliver a combined vulnerability assessment (VA) and network access control (NAC) solution. This joint solution automates the process of ensuring that all devices which connect to DoD networks are in compliance with Information Assurance Vulnerability Alerts (IAVA) standards. Read the press release and data sheet.
• Integrates with McAfee ePolicy Orchestrator (ePO™) compliance management system. This extends the network enforcement options within the ePO environment, and it brings greater coverage to more devices on the corporate network, including those in non-802.1x environments. Read the integration datasheet and the press release.

US Government Contracts

ForeScout CounterACT is listed in several government contracts for IT solutions procurement including:

• GSA Schedules (also referred to as Multiple Award Schedules and Federal Supply Schedules)
• NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
• ITES/2H (Managed and used by US Army. Also used by DoD and other federal agencies)
• Encore II (Managed by DISA, Defense Information Systems Agency)

Contact us for more information.