STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021

The Cisco ISE must be configured to conduct backups of system level information contained in the information system when changes occur.

DISA Rule

SV-242637r714221_rule

Vulnerability Number

V-242637

Group Title

SRG-APP-000516-NDM-000340

Rule Version

CSCO-NM-000320

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Save changes made to the startup configuration.

copy running-config startup-config

To save changes to the Cisco ISE configuration and/or Cisco ADE OS data and place the backup in a repository, use the backup command in EXEC mode on the CLI.

backup [{backup-name} repository {repository-name} ise-operational encryption-key hash | plain {encryption-key name}]

Check Contents

1. Review the SSP to see the site's network device backup policy. Check the Cisco ISE backup log to verify regular backups are being performed.
show backup history
2. Determine if there is a recent history of backups.

If the Cisco ISE is not configured to conduct backups of system-level information contained in the information system when changes occur, this is a finding.
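
One way to automate the recency part of this check, as an added example that is not part of the STIG or of Cisco's tooling: it parses captured `show backup history` output and reports whether a successful backup exists after the last configuration change and within the site's policy window. The output line layout, the sample lines, and the `last_change` and `max_age_days` inputs (taken from the site's change records and SSP) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `show backup history` output. The layout
# "<timestamp>: backup <file> to repository <repo>: <status>" is an
# assumption; adjust LINE_RE to what your ISE release prints.
SAMPLE_HISTORY = """\
Mon Apr 05 02:35:29 UTC 2021: backup nightly-CFG-210405-0230.tar.gpg to repository backup-repo: success
Mon Apr 12 02:36:02 UTC 2021: backup nightly-CFG-210412-0230.tar.gpg to repository backup-repo: failed
Tue Apr 13 02:35:41 UTC 2021: backup nightly-CFG-210413-0230.tar.gpg to repository backup-repo: success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) (?P<year>\d{4}): "
    r"backup (?P<file>\S+) to repository (?P<repo>\S+): (?P<status>\w+)$"
)

def parse_history(text):
    """Return (datetime, file, repo, status) tuples; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The zone label is ignored: all timestamps are assumed to share one zone.
        when = datetime.strptime(f"{m['ts']} {m['year']}", "%a %b %d %H:%M:%S %Y")
        entries.append((when, m["file"], m["repo"], m["status"].lower()))
    return entries

def assess(text, last_change, now, max_age_days):
    """Return a list of findings; an empty list means the check passes."""
    ok = [e[0] for e in parse_history(text) if e[3] == "success"]
    if not ok:
        return ["no successful backup in history"]
    latest = max(ok)  # failed runs never count as a backup
    findings = []
    if latest < last_change:
        findings.append("no successful backup since last configuration change")
    if now - latest > timedelta(days=max_age_days):
        findings.append("latest successful backup older than policy window")
    return findings
```

A non-empty result only flags the history for review; the reviewer still compares it against the backup policy in the SSP.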

Documentable

False

Severity Override Guidance

1. Review the SSP to see the site's network device backup policy. Check the Cisco ISE backup log to verify regular backups are being performed.
show backup history
2. Determine if there is a recent history of backups.

If the Cisco ISE is not configured to conduct backups of system-level information contained in the information system when changes occur, this is a finding.

Check Content Reference

M

Target Key

5384
