STIGQter STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must conduct backups of information system documentation, including security-related configuration files when changes occur or weekly, whichever is sooner.

DISA Rule

SV-242638r714224_rule

Vulnerability Number

V-242638

Group Title

SRG-APP-000516-NDM-000341

Rule Version

CSCO-NM-000330

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Save changes to the Cisco ISE configuration files data and place the backup in a repository by using the backup command in EXEC mode on the CLI.

backup [{backup-name} repository {repository-name} ise-config encryption-key hash| plain {encryption-key name}]

Check Contents

1. Review the SSP to see the site's network device backup policy. Check the Cisco ISE backup log to verify regular backups are being performed.
show backup history
2. Determine if there is a recent history of backups. Verify if the backup history shows either weekly backups or periodic backups.

If the Cisco ISE is not configured to conduct backups of system-level information contained in the information system when changes occur, this is a finding.

Vulnerability Number

V-242638

Documentable

False

Rule Version

CSCO-NM-000330

Severity Override Guidance

1. Review the SSP to see the site's network device backup policy. Check the Cisco ISE backup log to verify regular backups are being performed.
show backup history
2. Determine if there is a recent history of backups. Verify if the backup history shows either weekly backups or periodic backups.

If the Cisco ISE is not configured to conduct backups of system-level information contained in the information system when changes occur, this is a finding.

Check Content Reference

M

Target Key

5384

Comments