Securely Enable Government with Zero Trust Security Capabilities

Federal, state and local governments face the sophisticated threats in today’s digitized world. From national defense and critical infrastructure protection to protecting citizens’ private data and more, government entities at are attractive targets for exploitation. Forescout provides governments Zero Trust security capabilities to better secure their IT, OT/ICS, and IoT networks.



The Forescout platform helps keep government operations available, secure and compliant. Forescout helps government IT and security professionals protect data, secure access to government resources and demonstrate compliance for federal agencies and other public-sector entities, providing a multi-layered defense capability and helping keep citizens’ daily lives free from disruption. Forescout has a rich history of working with government agencies at every level and is a primary technology in major federal programs such as CDM and Comply to Connect.

Access Control

Enforce a Zero Trust security architecture and limit access to information, services and applications resources through policy.


Continuously monitor for the presence of required software, unauthorized software, rogue devices, configuration changes etc.

Incident response

Understand all connected devices, including unmanaged and rogue devices, to determine impact of known vulnerabilities and automate mitigation response (e.g. block, patch, etc.) saving labor and reducing time to repair.

Software inventory

Identify un- or under-utilized software for cost savings and/or consolidation, remove outdated software that poses increased threat from legacy vulnerabilities

Supply chain

Gain introspection into running embedded software and applications on managed and unmanaged devices.

Continuous Diagnostics and Mitigation (CDM)

Identify and Mitigate Risk through the CDM Program

The Forescout Platform can serve as the centerpiece of your CDM solution by helping you:

  • Mitigate vulnerabilities and quickly respond to incidents with automated, real-time visibility of endpoints as they connect to your network.
  • Establish a real-time inventory of devices, hardware, operating systems, applications, patch levels, open ports, peripheral devices, users and more.
  • Limit network access to authorized users and devices with or without 802.1X.
  • Assess the security and compliance posture of endpoints in real time, both pre- and post-connection.
  • Automate remediation of noncompliant endpoints by auto-updating endpoint configurations, patches and updates, and install, activate, or disabling applications or peripherals.
  • Produce realtime compliance reports and shorten Detection Interval Latency by initiating compliance scans as hosts connect, rather than waiting for time-based scans.


Knowing all of the devices on the DoD’s Information Network, or DODIN, has always been a challenge. And if they don’t know that a device is connected, they can’t defend it or the information on it. Comply-to-Connect, or ‘C2C,’ is changing all of that.

NIST Cybersecurity Framework

Enforce a unified network security policy to address NIST Cybersecurity Framework family of controls, including:

Access Control

Detect all IP-based endpoints on the network, including unmanaged devices, IoT, rogue devices; assess their cybersecurity posture; and enforce access policies to the network and within network segments.

Configuration Management

Maintain consistent configurations across the enterprise; maintain and control deviations from configuration policies; and enforce ‘least functionality’ by identifying and removing unnecessary or insecure software.

Assessment, Authorization, and Monitoring

Establish continuous monitoring to track system-level metrics and inform risk-based decisions.

Supply Chain (New in NIST 800-53 Rev 5)

Identify and segment critical systems components for tracking through the supply chain.

Government Programs

U.S. Government Certifications

Trust a solution with the highest levels of military-grade and government security certifications

Forescout has achieved the following U.S. Government certifications and compliances:

  • National Information Assurance Partnership (NIAP) Common Criteria Certification
  • U.S. Department of Defense Information Network Approved Products List ( DoDIN APL) (Search Forescout)
  • FIPS (Federal Information Processing Standards) 140-2
  • USGv6 Tested and Certified for IPv6
  • Authority to Operate (ATO) from Multiple DoD Services and Programs
  • U.S. Army CoN (Certificate of Networthiness)

U.S. Government Contract Vehicles

Ease procurement of U.S. Government contracts

The Forescout platform is available through authorized Resellers and Distributors by the U.S. Government on the following contracts and purchasing schedules:

  • GSA Schedules (aka Multiple Award Schedules and Federal Supply Schedules)
  • NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
  • ITES/2H (Managed and used by U.S. Army. Also used by DoD and other federal agencies)
  • Encore II (Managed by DISA, Defense Information Systems Agency)
  • Enterprise Software Initiative Blanket Purchase Agreement (ESI BPA) (managed by NIWC Pacific)
  • Various State and Local contracts (NY OGS, TX DIR, SC, NC, CA SLP)

Customer Confidence

The Latest from Forescout

Solution Brief Icon   Solution Brief

Government Solution Brief

Solution Brief Icon   Solution Brief

Forescout Extended Modules for Federal Civilian Agencies

Solution Brief Icon   Solution Brief

Identify and Mitigate Risk through the CDM Program

White Paper Icon   White Paper

Achieving Comply-to-Connect Requirements with the Forescout Platform

Resources Icon   Resources

Addressing NIST Security Controls with Forescout

Read More
eBook Icon   eBook

How to Align with the NIST Cybersecurity Framework

Guide Icon   Guide

Forescout Compliance Guide: NIST, SWIFT, GDPR, PHI – OH MY!


Request a Demo

Get a personalized tour of our solutions and see how we can help you protect your Enterprise of Things.

Request a Demo

Take a Test Drive

Embark on a 90-minute, hands-on tour of Forescout, covering device visibility, asset management, incident response and network segmentation.

Schedule a Test Drive