1 2 3 4 5 6 7 8 9 10
Third-Party-Whitepapers_Icon datasheet smart-tv white-papers videos tech-notes solution-briefs infographics case-studies brochures awards reviews podcasts guides

Forescout

Government

You are a prime target for cyberattacks that disrupt operations.

We enforce your policies to enable full compliance & cyber readiness.

Learn More

Defense Information Systems Agency (DISA) Selects Forescout to Protect Millions of Mission Critical Devices Across Global Networks

Latest Research

Locate and Remove Prohibited Devices

Quickly identify prohibited devices such as Kaspersky, Huawei and ZTE that pose security risks.

Tools

Comply-to-Connect: The Basis for Cybersecurity

The cybersecurity challenges facing government agencies are more complex than ever and demand comprehensive solutions capable of securing networks, devices and data.

Federal government agencies, both civilian and military, need capabilities to manage cybersecurity risk and fulfill their mission to deliver security and services to the general public.

Enter Forescout. We offer unmatched agentless visibility, control and orchestration capabilities that scale to networks with tens of millions of endpoints. It’s no wonder the Forescout platform is the cybersecurity cornerstone in both the Continuous Diagnostics and Mitigation Program (managed by the Department of Homeland Security) and the Comply-to-Connect Program (managed by the Defense Information Systems Agency). Explore this site to learn why, then give us a call.

How Forescout Helps

Local, state and federal government agencies are prime targets for hackers, whether politically motivated, seeking information they can sell, or simply engaged in mischief. By providing secure network access for a wide range of devices and user populations, the Forescout platform helps government agencies protect their confidential data and support their compliance efforts with mandated policies and regulations such as FISMA, NERC, ISO/IEC 27001 and the GDPR. Forescout can:

  • Identify endpoints on a network, including unmanaged and rogue devices
  • Automate security and compliance policies, reducing the time to detect and resolve incidents–or prevent them altogether
  • Provide a comprehensive platform to empower potentially underperforming legacy IT investments

Government Solution Brief

As cyberthreats increase in numbers and effectiveness, government agencies must rethink how to eliminate intrusions, protect sensitive information and mitigate exposure to cyberattacks.

READ

“When we start enriching data from other tools with accurate, real-time data from Forescout, our cybersecurity team is able to make data-driven decisions with confidence. It allows me to sleep at night.”

—Bilal Khan, Chief Technology and Security Officer, NJ TRANSIT

NIST RMF (Risk Management Framework)

Enforce a unified network security policy to address NIST RMF requirements

Forescout CounterACT® helps you proactively enforce a unified network security policy to address National Institute for Standards and Technology (NIST) RMF requirements in three key ways:

  • See – Detect IP-addressed endpoints on the network, including unmanaged, IoT and rogue devices, without requiring software agents or previous device knowledge.
  • Control – Allow, deny or limit network access based on device posture and security policies. Automate security and compliance policy enforcement and reduce the time to identify and resolve incidents while allowing security operations to be more efficient, effective and proactive.
  • Orchestrate – Share real-time security intelligence across more than 70 network, security, mobility and IT management products* to automate and accelerate system-wide threat response while reducing the risk and costs associated with manual analysis and correlation.

*As of December 31, 2016

NIST RMF Solution Brief

READ

NIST Datasheet

READ

CONTINUOUS DIAGNOSTICS AND MITIGATION (CDM)

Gain real-time asset discovery, vulnerability management and intelligent response to address compliance management

CounterACT can serve as the centerpiece of your CDM solution. CounterACT helps you:

  • Continuously discover and classify unauthorized or unmanaged hardware and software on your network
  • Provide real-time endpoint visibility for vulnerability assessment, asset and configuration management solutions
  • Assess the security posture of endpoints on your LAN/WAN environment
  • Improve authentication and access control by blocking/restricting access to unauthorized or non-compliant devices
  • Automate mitigation and remediation through third-party system orchestration
  • Provide comprehensive situational awareness by identifying endpoints and integrating with SIEM and VA systems

CDM Solution Brief

Read the Brief

CDM Ongoing Assessment Solution Brief

Read the Brief

COMPLY-TO-CONNECT

The Department of Defense has thousands of networks, each with many more thousands of connected things such as routers, switches, PCs and servers as well as connected systems (HVAC controls, security sensors, cameras, etc.) and mobile devices (phones and tablets). If you don’t know that a device is connected, you can’t defend it, the data on the device or the data it generates. Comply to Connect (C2C) is changing all of that.

C2C is a framework that restricts unauthorized device access; reduces known vulnerabilities; takes actions to detect, identify, characterize, report and deter anomalous behaviors; and maintains the secure configuration of the network and its information resources.

The C2C framework is designed to identify, address and mitigate the risks posed by unknown, unsecured devices and unauthorized users connecting to networks. Put simply, C2C is a network-based security policy monitor and enforcer that delivers continuous monitoring and remediation.

Additional C2C Info

Learn More

Host Base Security System (HBSS)

The HBSS Program is being phased out of the DoD and is being replaced by the Endpoint Security Solution (ESS). During this process and even beyond, DISA will continue to support the DoD Anti-Virus/Anti-Spyware Enterprise Capability.

The DoD antivirus program supports the operation and defense of the DoD Information Network (DoDIN) by providing virus protection to DoDIN assets.

Currently, the solution licensed by DISA for DoD use is McAfee AV/AS. This solution can be standardized and deployed both enterprise-wide and on isolated network enclaves (e.g., a tactical environment) to protect laptops, desktops, servers and e-mail gateways.

SOURCE: Defense Information System Agency (DISA) web site (www.disa.mill)

C2C capabilities deliver orchestration of the DoD’s other management and cybersecurity tools, including the current Anti-Virus/Anti-Spyware Enterprise Capability. Using the C2C PMO -provided Forescout eyeExtend-McAfee module, the C2C framework can work together seamlessly to identify endpoints whose agents are not loaded, not configured properly, not running, or not communicating with their parent server. C2C then automatically triggers an action to remediate the issue. If resolution cannot be accomplished automatically between the tools, the C2C platform can automatically generate a trouble ticket to ensure the administrators are alerted that a device’s security tools are not providing the necessary protection. Once fixed, the device automatically receives its appropriate access to network resources.

DISA Network Defense Services

Learn More

Additional C2C Info

Learn More

Endpoint Security Solution

The DoD Endpoint Security Solutions (ESS) is an integrated set of capabilities that work together to detect, deter, protect, and report on cyber threats across all DoD networks.

Endpoint security is a DoD-wide effort that leverages the collaborative capabilities of the NSA, Services, DoD CYBER Range, Red Team support, and continuous market research through components and the MITRE corporation. The Endpoint ecosystem includes integrated solutions such as Comply to Connect (C2C), Containment, Visibility, and Assessment tools. The Endpoint ecosystem is constantly reviewed via the NIPRNet/SIPRNet Cyber Security Architecture Review (NSCSAR) process to ensure appropriate protections are in place to meet the ever-changing threat.

Mission Statement

Provide Endpoint Security tools to prevent targeted and deliberate computer network operations against DoDIN, destructive activity (malware infections, e.g. viruses, Trojan horses, worms, bots, and rootkits) from nation states, criminals, hackers. Evolve DoD HBSS to Endpoint Security and integrate endpoint data to situational awareness tools such as SECDEF CYBER SCORE CARD.

SOURCE: Defense Information System Agency (DISA) web site (www.disa.com)

C2C capabilities deliver orchestration of the DoD’s other management and cybersecurity tools, including the current Host Based Security System (HBSS), and will continue to perform this critical function as the DoD’s Endpoint Security Solution evolves. Using the C2C PMO provided Forescout eyeExtend modules, the C2C framework can work together seamlessly to identify endpoints whose agents are not loaded, not configured properly, not running or not communicating with their parent server. C2C then automatically triggers an action to remediate the issue, and if resolution cannot be accomplished automatically between the tools, the C2C platform can automatically generate a trouble ticket to ensure the administrators are alerted that a device’s security tools are not providing the necessary protection of the device. Once fixed, the device is automatically given its appropriate access to network resources.

DISA Endpoint Security Solutions

Learn More

Additional C2C Info

Learn More

Assured Compliance Assessment Solution (ACAS)

The Assured Compliance Assessment Solution (ACAS) is an integrated software solution that provides automated network vulnerability scanning, configuration assessment, and network discovery.

ACAS consists of a suite of products to include the Security Center, Nessus Scanner and the Nessus Network Monitor (formerly the Passive Vulnerability Scanner) which is provided by DISA to DoD Customers at no cost. DISA's Cyber Development (CD) is provides program management for the Enterprise ACAS offering as well as help desk support and training.

SOURCE: Defense Information System Agency (DISA) web site (www.disa.mil)

C2C capabilities deliver orchestration of the DoD’s other management and cybersecurity tools, including ACAS. Using the C2C PMO-provided Forescout eyeExtend-Tenable module, the C2C framework can work seamlessly to identify endpoints that have not been scanned for vulnerabilities by ACAS within the policy-derived timeline. C2C then automatically triggers the ACAS tools to scan the device and report any findings back into the C2C platform. If any issues are detected, C2C can orchestrate remediation actions in multiple ways, and if nothing anomalous is discovered, the device is allowed to connect to the network as normal.

DISA Assured Compliance Assessment Solution

Learn More

Additional C2C Info

Learn More

Command Cyber Readiness Inspections (CCRI)

Comply with CCRI Guidelines

C2C capabilities assist every DoD organization in getting – and staying – ready for CCRIs and CCORIs. Visibility (discovery, classification and compliance assessment) of every connecting device as well as the continuous monitoring of all connected endpoints, gives operators a new understanding of their network cyber readiness at all times. C2C capabilities also automate routine administrative functions, which raises the level of cyber readiness across all endpoints while cyber personnel focus their attention on the tough problems that need “gray matter” expertise. The C2C platform is a force multiplier for any team that has a pending inspection.

CCRI Solution Brief

Read the Brief

DISA Network Defense Services

Learn More

Additional C2C Info

Learn More

802.1X

802.1X is a network authentication protocol that permits a device to access an organization’s network by evaluating its credentials (user name/password or a digital certificate) against information held within an authentication server (usually RADIUS server). The 802.1X protocol performs no analysis on a device’s security state and makes no assessment as to whether the user of a device is in fact the correct, authorized user.

For many years, 802.1X was an adequate way to manage network access control (NAC) because networks consisted mainly of traditional IT devices such as laptops, desktops and servers, all of which run mainstream operating systems such as Windows, macOS or Linux. The absence of any NAC protocol or technology for non-traditional devices connecting to networks is the precise gap C2C seeks to close. C2C effectively ends the policy of relying on 802.1X for NAC because the entire program is premised on the need for the DoD to identify, assess and secure all assets, not just conventional computers.

C2C delivers agentless technology to identify, authenticate and assess every device for compliance before it is authorized and granted access to enterprise network resources. Compliant devices recieve the requisite level of network access to perform their assigned function. Noncompliant devices receive limited access to network services and are effectively quarantined to be automatically reassessed, remediated and granted network access once compliant. Unauthorized devices are restricted and unable to access the network.

Additional C2C Info

Learn More

U.S. GOVERNMENT CERTIFICATIONS

Trust a solution with the highest levels of military-grade and government security certifications

Forescout has achieved the following U.S. Government certifications and compliances:

  • U.S. Department of Defense Information Network Approved Products List (DoDIN APL) for v8.1 – DODIN APL LINK (Search Forescout)
  • FIPS (Federal Information Processing Standards) 140-2
  • National Information Assurance Partnership (NIAP) Common Criteria Certification for Forescout v8.1 – NIAP LINK
  • USMC ATO (Authority to Operate)
  • US Navy ATO (Authority to Operate)
  • U.S. Army CoN (Certificate of Networthiness)
  • DoDIN APL Certification for v8.2 - IN PROGRESS

U.S. GOVERNMENT CONTRACT VEHICLES

Ease procurement of U.S. Government contracts

The Forescout platform is authorized by the U.S. Government on the following contracts and purchasing schedules:

  • GSA Schedules (aka Multiple Award Schedules and Federal Supply Schedules)
  • NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
  • ITES/2H (Managed and used by U.S. Army. Also used by DoD and other federal agencies)
  • Encore II (Managed by DISA, Defense Information Systems Agency)
  • Enterprise Software Initiative Blanket Purchase Agreement (ESI BPA) (managed by NIWC Pacific)

COMMAND CYBER READINESS INSPECTION (CCRI)

Improve your CCRI Score with the Forescout platform

The Forescout Visibility Platform helps improve all three components of your CCRI score.

  • Technical CCRI Component: Discover, classify and locate connecting devices, control network access based on security policies, and continuously monitor each device and apply appropriate controls.
  • CND Directives Component: Automate on-connect and continuous endpoint configuration assessment to comply with security benchmarks using the Forescout Extended Module for Advanced Compliance.
  • Contributing Factors Component: Enable real-time data sharing at all levels of Command and Control for a positive impact on Command Leadership Engagement, Awareness and Implementation of Security Technical Implementation Guide Requirements, Plan of Action and Milestones, and Cybersecurity Service Provider Alignment.

Executive Summary Command Cyber Readiness Inspection

Read

Quantify the ROI of your Visibility and Control

Improve your CCRI Score with the Forescout platform

In just 10 minutes we’ll help benchmark and analyze your opportunities for device and network security improvements

Get Your Personal Assessment

Read

Contact Us

Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591

Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134

Also of Interest