ForeScout NAC Compliance on the Mac

ForeScout (NAC) Compliance on the Mac


Requirements:

Mac OS versions: 10.13 and above
Access to a Partners Wifi network (that is not "phspiaguest") or VPN

What you need to be compliant for NAC:

  1. Enrolled in PEAS
  2. Install the ForeScout SecureConnector
  3. Install AntiVirus (most major brands are accepted, CrowdStrike AntiVirus is supplied for free, see below)
  4. Your Mac must be encrypted

Enroll in PEAS:


To enroll your Mac in PEAS, refer to KB0034657

If you are unsure whether you are enrolled in PEAS, open a Finder window and check your Applications folder for the Self Service application. If Self Service is there, then you are enrolled.

 

Installing the ForeScout SecureConnector


 

Open the Self Service application to download the ForeScout SecureConnector application

 

Log in using your Partners username and password, then click the Install button in Self Service

 

To verify that ForeScout SecureConnector is installed, simply find it in your Applications folder, nothing else is necessary

 

Installing CrowdStrike AntiVirus


 

Open the Self Service application to download the CrowdStrike AV application

Log in using your Partners username and password, then click the Install button in Self Service

 

 Installing CrowdStrike AntiVirus also installs the PEAS Menu, which gives you information on CrowdStrike and Forescout

 

Encrypting your Mac


 

Any Mac that is enrolled in PEAS will prompt you for encryption on reboot if you are not encrypted. Depending on your version of the Mac operating system, it will ask when you log out, or log back in.

To determine if you are encrypted, open System Preferences, and click Security & Privacy

 

 

With FileVault selected, you will be able to see your encryption status:

 

When FileVault is set to on, then your computer is encrypted. If FileVault is off, then your computer is not encrypted.

If you are enrolled in PEAS, it is recommended that you reboot, and when prompted, click Encrypt. Upon reboot, you will see this window:

 

Click Enable Now to begin the encryption process.


Related articles