STIGQter: STIG Summary: Cisco ISE NAC Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must verify host-based IDS/IPS software is authorized and running on posture required clients defined in the NAC System Security Plan (SSP) prior to granting trusted network access.

DISA Rule

SV-242580r714050_rule

Vulnerability Number

V-242580

Group Title

SRG-NET-000015-NAC-000020

Rule Version

CSCO-NC-000060

Severity

CAT I

CCI(s)

• CCI-000213 - The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

Weight

10

Fix Recommendation

Configure the posture policy to verify that a host-based IPS is running.

1. Navigate to Work Centers >> Posture >> Policy Elements.

2. Create Host Intrusion Prevention Condition.
a. Expand "Conditions" on the left of the page.
b. Choose "Firewall Condition".
c. Choose "Add".
d. Define a Name.
e. Select the applicable Compliance Module.
f. Select the Operating System.
g. Select "McAfee" for the vendor of firewall.
h. Check "enable".
i. Select "McAfee Host Intrusion Prevention" in the product list.
j. Choose "Save".

3. Create Requirements.
a. Choose "Requirements" on the left of the page.
b. Choose the drop-down located next to "Edit" on the right side of the page where you want the requirement inserted.
c. Choose "Insert new Requirement".
d. Define a Name.
e. Select the Operating System.
f. Select the applicable Compliance Module.
g. Select the Posture Type.
h. Select the Condition previously configured.
i. Select the Remediation Action of "Message Text Only" and type in a message to display.
j. Choose "Done".
k. Choose "Save".

4. Edit the Posture Policy.
a. Navigate to Work Centers >> Posture >> Posture Policy.
b. Find the Posture Policy that will be applied to the posture required endpoints.
c. Select the Requirement ensuring there is a green check box to the left of the name indicating it is a mandatory requirement.
d. Choose "Done".
e. Choose "Save".

Check Contents

Verify that the posture policy will verify that a host-based IPS is running.

1. Navigate to Work Center >> Posture >> Posture Policy.
2. Look over the enabled posture policies analyzing all the conditions.
3. Review the Requirements listed on polices that the posture required clients will use.
4. Navigate to Work Centers >> Posture >> Policy Elements.
5. Review the Requirements applied in the posture policy to ensure there is one with a firewall condition applied.
6. Review the Firewall condition ensuring it is configured to verify that the client firewall is enabled.

If there is not a firewall condition tied to a requirement that is applied to an applicable posture policy, this is a finding.

Vulnerability Number

V-242580

Documentable

False

Rule Version

CSCO-NC-000060

Severity Override Guidance

Verify that the posture policy will verify that a host-based IPS is running.

1. Navigate to Work Center >> Posture >> Posture Policy.
2. Look over the enabled posture policies analyzing all the conditions.
3. Review the Requirements listed on polices that the posture required clients will use.
4. Navigate to Work Centers >> Posture >> Policy Elements.
5. Review the Requirements applied in the posture policy to ensure there is one with a firewall condition applied.
6. Review the Firewall condition ensuring it is configured to verify that the client firewall is enabled.

If there is not a firewall condition tied to a requirement that is applied to an applicable posture policy, this is a finding.

Check Content Reference

M

Target Key

5383

Comments