Military Network Access Control | U.S. Department of Defense Port Control

By: Forescout  09-12-2011
Keywords: Security, Access Control, Network Access


Strong Network Access Control

ForeScout CounterACT is a military-grade security product ideally suited to protect the network infrastructure of the U.S. Department of Defense (DoD), military contractors and suppliers.

In the United States, all Department of Defense (DoD) networks and their connecting networks are required to have an advanced level of security. Some of the specific security requirements include:

  1. Network access control. The requirement for port-based network access control is contained in the Security Technical Implementation Guide (STIG) that is published by the United States Defense Information Systems Agency (DISA). This document states that all DoD networks must control access at the switch port.
  2. IAVA. United States DoD networks must comply with Information Assurance Vulnerability Alerts (IAVA) standards.
  3. Unauthorized devices and applications. Many defense organizations have restrictions against the use of USB memory sticks and peer-to-peer (P2P) applications.

In 2008, ForeScout CounterACT was added to the United States Army Information Assurance Approved Products List (AIAAPL), demonstrating that CounterACT met the Army’s high standards for security, ease of use and deployment, low end-user impact, and interoperability with existing remediation solutions and infrastructure requirements. Since then, many U.S. Department of Defense facilities have deployed CounterACT.

Much of our success is based on CounterACT’s ability to see every IP device connected to the network, control all connections down to the switch port, and provide complex policies to enable and enforce security processes and standards. Enforcement actions can include post-connection monitoring for threat prevention, and detection/blocking of banned devices (such as unencrypted USB memory devices). CounterACT can be deployed with or without 802.1x.


ForeScout CounterACT is an automated security control platform that delivers real-time visibility and control of all devices on your network.

The features which make ForeScout CounterACT uniquely suited to address the needs of defense and military organizations include:

  • Port-level access control. ForeScout CounterACT helps organizations meet the access control requirements as detailed in the DISA STIG.
  • IAVA integration. ForeScout CounterACT integrates with products from eEye Digital Security to deliver a combined vulnerability assessment (VA) and network access control (NAC) solution which automates the process of ensuring that all devices on the network are in compliance with IAVA standards.
  • Control unauthorized USB devices and applications. ForeScout CounterACT blocks unauthorized USB devices and applications (e.g. P2P) from all computers on the network.
  • Integration with McAfee ePolicy Orchestrator (ePO™). ForeScout CounterACT integrates with McAfee ePO. Specifically, ForeScout CounterACT provides ePO with real-time information about computers on the network, including many parameters (such as the location of computers) that are otherwise unavailable to ePO. This additional information gives security managers a higher degree of situational awareness and a greater degree of control over managed endpoints (those within the scope of McAfee ePO).
  • Scalability. ForeScout CounterACT has more large deployments than any other network access control solution. Our product has been proven in organizations with as many as 190,000 endpoints that manage their entire network from a single centralized ForeScout CounterACT enterprise manager console.
  • Compatibility. ForeScout CounterACT is an out-of-band, network-based appliance that works with your existing network infrastructure – no switch upgrades, no network reconfigurations. CounterACT integrates with all major enterprise switches, both 802.1x and non-802.1x.
  • Certifications. ForeScout CounterACT is a military-grade security product that has achieved widespread utilization within military environments. ForeScout CounterACT has achieved the following certifications:
  • Government contracts. ForeScout CounterACT is listed in several government contracts to ease procurement:
    • GSA Schedules (also referred to as Multiple Award Schedules and Federal Supply Schedules)
    • NASA SEWP (Solutions for Enterprise-Wide Procurement) GWAC (Government-Wide Acquisition Contract)
    • ITES/2H (Managed and used by US Army. Also used by DoD and other federal agencies)
    • Encore II (Managed by DISA, Defense Information Systems Agency)
