STIGQter STIGQter: STIG Summary: Cisco ISE NAC Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP).

DISA Rule

SV-242606r714128_rule

Vulnerability Number

V-242606

Group Title

SRG-NET-000512-NAC-002310

Rule Version

CSCO-NC-000320

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Choose the drop-down located next to "Edit" on the right side of the page where you want the new policy inserted.
3. Choose "Insert new policy".
4. Define a Name.
5. Select the applicable Identity Groups.
6. Select the applicable Operating Systems configured in the requirement previously created.
7. Select the Compliance Module configured in the requirement previously created.
8. Select the Posture Type configured in the requirement previously created.
9. Select Other Conditions if used.
10. Select the applicable Requirement or Requirements, ensuring there is a green check box to the left of the name indicating it is a mandatory requirement.
11. Choose "Done".
12. Choose "Save".

Note: You can apply multiple requirements to a single policy, or have multiple policies with a single policy with a single requirement as the posture policy operates in a "match-all" fashion.

Check Contents

Verify the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Review the enabled posture policies to ensure posture required endpoints will process requirements.

If there is not an enabled policy that will be applied to posture required endpoints, this is a finding.

Vulnerability Number

V-242606

Documentable

False

Rule Version

CSCO-NC-000320

Severity Override Guidance

Verify the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Review the enabled posture policies to ensure posture required endpoints will process requirements.

If there is not an enabled policy that will be applied to posture required endpoints, this is a finding.

Check Content Reference

M

Target Key

5383

Comments