STIGQter: STIG Summary: Cisco ISE NAC Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 13 Apr 2021

The Cisco ISE must be configured to profile endpoints connecting to the network.

DISA Rule

SV-242577r714041_rule

Vulnerability Number

V-242577

Group Title

SRG-NET-000015-NAC-000020

Rule Version

CSCO-NC-000030

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the profiling service to provide a contextual inventory of all the endpoints that are using your network resources in any Cisco ISE-enabled network.

1. Choose Administration >> System >> Deployment.
2. Choose a Cisco ISE node that assumes the Policy Service persona.
3. Click "Edit" in the Deployment Nodes page.
4. On the "General Settings" tab, check the "Policy Service" check box.
5. Perform the following tasks:
- Check the "Enable Session Services" check box.
- Check the "Enable Profiling Services" check box to run the profiling service.
6. Click "Save" to save the node configuration.

Check Contents

Verify the profiling service is configured and enabled.

1. Choose Administration >> System >> Deployment.
2. View the Deployment Nodes.

Verify the following services are enabled via the check box:
- Policy Service
- Enable Session Services
- Enable Profiling Services

If the Cisco ISE profiling service is not configured and enabled, this is a finding.

Documentable

False

Severity Override Guidance

Verify the profiling service is configured and enabled.

1. Choose Administration >> System >> Deployment.
2. View the Deployment Nodes.

Verify the following services are enabled via the check box:
- Policy Service
- Enable Session Services
- Enable Profiling Services

If the Cisco ISE profiling service is not configured and enabled, this is a finding.

Check Content Reference

M

Target Key

5383
