ForeScout NAC Compliance on the Mac

ForeScout (NAC, Network Access Control) Compliance on the Mac


Requirements

  • Mac OS versions: macOS 12 Monterey and above
  • Access to a Mass General Brigham Wifi network (that is not "phspiaguest") or VPN

What you need to be compliant for NAC:

  1. Enrolled in PEAS
  2. Install the ForeScout SecureConnector
  3. Install AntiVirus (most major brands are accepted, CrowdStrike AntiVirus is supplied for free, see below)
  4. Your Mac must be encrypted

Enroll in PEAS

To enroll your Mac in PEAS, refer to KB0034657

If you are unsure whether you are enrolled in PEAS, open a Finder window and check your Applications folder for the Self Service application. If Self Service is there, then you are enrolled.


Installing the ForeScout SecureConnector

1. Open the Self Service application to download the ForeScout SecureConnector application

 

2. Log in using your user name and password, then click the Install button in Self Service

 

Note: To verify that ForeScout SecureConnector is installed, simply find it in your Applications folder, nothing else is necessary.


Installing CrowdStrike AntiVirus 

1. Open the Self Service application to download the CrowdStrike AV application


2. Log in using your username and password, then click the Install button in Self Service

Note: Installing CrowdStrike AntiVirus also installs the PEAS Menu, which gives you information on CrowdStrike and Forescout


Encrypting your Mac

Any Mac that is enrolled in PEAS will prompt you for encryption on reboot if you are not encrypted. Depending on your version of the Mac operating system, it will ask when you log out, or log back in.

1. To determine if you are encrypted, open System Preferences, and click Security & Privacy

2. With FileVault selected, you will be able to see your encryption status:

    • When FileVault is set to on, then your computer is encrypted.
    • If FileVault is off, then your computer is not encrypted.

3. If you are enrolled in PEAS, it is recommended that you reboot, and when prompted, click Encrypt. Upon reboot, you will see this window:

4. Click Enable Now to begin the encryption process.

Go to KB0030738 in the IS Service Desk

Related articles