Securely Enable Government with Zero Trust Security Capabilities
International governments face the sophisticated threats in today’s digitized world. From national defense and critical infrastructure protection to protecting citizens’ private data and more, government entities are attractive targets for exploitation. Forescout provides governments with zero trust security capabilities to better secure their IT, OT/ICS and IoT networks.
Cybersecurity Capabilities for Government Agencies
The Forescout Platform helps keep government operations available, secure and compliant. Forescout helps government IT and security professionals protect data, secure access to government resources and demonstrate compliance for federal agencies and other public-sector entities, providing a multi-layered defense capability and helping keep citizens’ daily lives free from disruption. Forescout has a rich history of working with government agencies at every level and is a primary technology in major federal programs such as Continuous Diagnostics and Mitigation (CDM) and Comply to Connect.
Enforce a zero trust security architecture and limit access to information, services and applications resources through policy.
Continuously monitor for the presence of required software, unauthorized software, rogue devices, configuration changes, etc.
Understand all connected devices, including unmanaged and rogue devices, to determine impact of known vulnerabilities and automate mitigation response (block, patch, etc.), saving labor and reducing time to repair.
Identify un- or under-utilized software for cost savings or consolidation and remove outdated software that poses increased threat from legacy vulnerabilities.
Gain introspection into running embedded software and applications on managed and unmanaged devices.
Continuous Diagnostics and Mitigation (CDM)
Identify and Mitigate Risk through the CDM Program
The Forescout Platform can serve as the centerpiece of your CDM solution by helping you:
- Mitigate vulnerabilities and quickly respond to incidents with automated, real-time visibility of endpoints as they connect to your network.
- Establish a real-time inventory of devices, hardware, operating systems, applications, patch levels, open ports, peripheral devices, users and more.
- Limit network access to authorized users and devices with or without 802.1X.
- Assess the security and compliance posture of endpoints in real time, both pre- and post-connection.
- Automate remediation of noncompliant endpoints by auto-updating endpoint configurations, patches and updates, and install, activate, or disabling applications or peripherals.
- Produce real-time compliance reports and shorten detection interval latency (DIL) by initiating compliance scans as hosts connect, rather than waiting for time-based scans.
Knowing all of the devices on the DoD’s Information Network, or DODIN, has always been a challenge. And if they don’t know that a device is connected, they can’t defend it or the information on it. Comply-to-Connect, or C2C, is changing all of that.
NIST Cybersecurity Framework
Enforce a unified network security policy to address the NIST Cybersecurity Framework family of controls, including:
Detect all IP-based endpoints on the network, including unmanaged devices, IoT, rogue devices; assess their cybersecurity posture; and enforce access policies to the network and within network segments.
Maintain consistent configurations across the enterprise; maintain and control deviations from configuration policies; and enforce "least functionality" by identifying and removing unnecessary or insecure software.
Assessment, authorization and monitoring
Establish continuous monitoring to track system-level metrics and inform risk-based decisions.
Supply chain (New in NIST 800-53 Rev 5)
Identify and segment critical systems components for tracking through the supply chain.
U.S. Government Certifications
Trust a solution with the highest levels of military-grade and government security certifications
Forescout has achieved the following U.S. Government certifications and compliances:
- National Information Assurance Partnership (NIAP) Common Criteria Certification
- U.S. Department of Defense Information Network Approved Products List ( DoDIN APL) (Search Forescout)
- FIPS (Federal Information Processing Standards) 140-2
- USGv6 Tested and Certified for IPv6
- Authority to Operate (ATO) from Multiple DoD Services and Programs
- U.S. Army CoN (Certificate of Networthiness)
U.S. Government Contract Vehicles
Ease procurement of U.S. Government contracts
The Forescout Platform is available through authorized Resellers and Distributors by the U.S. Government on the following contracts and purchasing schedules:
- GSA Schedules (aka Multiple Award Schedules and Federal Supply Schedules)
- NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
- ITES/2H (Managed and used by U.S. Army. Also used by DoD and other federal agencies)
- Encore II (Managed by DISA, Defense Information Systems Agency)
- Enterprise Software Initiative Blanket Purchase Agreement (ESI BPA) (managed by NIWC Pacific)
- Various State and Local contracts (NY OGS, TX DIR, SC, NC, CA SLP)
UK NCSC 10 Steps to Cyber Security
Achieve Compliance with NCSC’s Top 10 Steps to Cyber Security
The United Kingdom’s National Cyber Security Centre (NCSC) provides10 Steps to Cyber Security as guidance to help medium to large organisations better understand and mitigate their cyber risk. Either natively or by coordinating automated actions among security tools, the Forescout Platform supports this guidance by extending scarce IT and InfoSec resources with continuous, automated asset management, risk compliance, network segmentation, network access control and security orchestration across all connected assets, going above and beyond baseline security recommendations to provide a strong foundation for zero trust.
UK NCSC Cyber Essentials Plus
Align Your Organisation with the NCSC Cyber Essentials Plus Requirements
The Cyber Essentials certification scheme from the National Cyber Security Center (NCSC) is a simple but effective scheme that will help you protect your organisation from the most common cyberattacks. The Forescout Platform helps you align with the framework by continuously automating cyber security across your environment.
UK Telecoms Security Regulations
Achieve Compliance with the UK Telecoms Security Regulations
The UK government, alongside NCSC and Ofcom, is developing new regulations and code-of-practice proposals that would require telecoms providers to take measures to protect their networks and services, including risk and compliance analysis, traffic and incident monitoring, and log retention reporting.
The Forescout Platform supports the TSR draft regulations 6, 9 and 12 in particular.
Australian Essential Eight Maturity Model Compliance
Achieve Maturity Level 3 with all Essential Eight controls
The Australian Cyber Security Centre’s (ACSC’s) Essential Eight Maturity Model is a set of mitigation strategies designed to improve cybersecurity posture by making it hard for adversaries to compromise networks. With three maturity levels, even organisations with scarce IT resources can achieve baseline compliance and protection from increasing cyber threats. And with continuous visibility, compliance assessment and automated workflows using the equipment and security tools you already have, your network can adapt to your ever-changing digital terrain.
The Essential Eight is a set of mitigation strategies, not a single solution or technology that can be bought through a single vendor. They address three areas that require not only different security tools but tight communication and coordinated actions. Either natively or by coordinating automated actions among security tools, Forescout enables you to achieve Maturity Level Three for all eight controls, with continuous visibility into granular compliance status.
Canadian Centre for Cyber Security Top 10 IT Security Actions
Achieve Compliance with all Top 10 IT Security Actions
The Canadian Centre for Cyber Security maintains a list of the Top 10 IT security actions it recommends organizations take to protect connected networks and information1. The Forescout Continuum Platform extends scarce resources with continuous, automated asset management, risk compliance, network segmentation, network access control and security orchestration across all assets – cloud, IT, IoT, IoMT and OT/ICS – going above and beyond baseline security recommendations to provide a strong foundation for zero trust.
Government Customer Confidence
“I could see clearly that every one of my direct reports would have an application for the Forescout platform. There’s no question it would help dramatically in security, compliance and desktop support.”— Michael Hussey, Chief Information Officer, State of Utah
“Forescout has helped immensely with knowing which devices are on the network, understanding where they are located and their security posture, and being able to ensure that they adhere to our internal controls.”— Chief Information Officer, Large U.S. City
“Our engineers have been very pleased with the Forescout platform. It’s been very easy for them to use and adopt, and they enjoy working with it. It’s a great product, and we have only scratched the surface of what it can do.”— Ryan Morris, Chief Technology Officer, California Office of Statewide Health Planning and Development
Government Cybersecurity Related Resources
Government Solution BriefDownload
Using Zero Trust to Prevent Agency Ransomware AttacksRead More
Canadian Centre for Cyber Security Top 10 IT Security ActionsDownload
Essential Eight Compliance with ForescoutDownload
Forescout Extended Modules for Federal Civilian AgenciesDownload
Identify and Mitigate Risk through the CDM ProgramDownload
Achieving Comply-to-Connect Requirements with the Forescout PlatformDownload
Addressing NIST Security Controls with ForescoutDownload
How to Align with the NIST Cybersecurity FrameworkDownload
Schedule a Demo
Get a personalized tour of our solutions and see how we can help you automate cybersecurity.Request a Demo