STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must authenticate Network Time Protocol sources using authentication that is cryptographically based.

DISA Rule

SV-242644r714242_rule

Vulnerability Number

V-242644

Group Title

SRG-APP-000395-NDM-000347

Rule Version

CSCO-NM-000390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. Choose Administration >> System >> Settings >> System Time.
2. Enter unique IP addresses (IPv4/IPv6/FQDN) for the NTP servers.
3. Check the "Only allow authenticated NTP servers" check box if you want to restrict Cisco ISE to use only authenticated NTP servers to keep system and network time. DoD requires NTP authentication where available, so configure the NTP server using private keys. Click the "NTP Authentication Keys" tab and specify one or more authentication keys if any of the servers that you specify requires authentication via an authentication key, as follows:
4. Click "Add".
5. Enter the necessary Key ID and Key Value. Specify whether the key in question is trusted by activating or deactivating the Trusted Key option, and click "OK". The Key ID field supports numeric values between 1 and 65535, and the Key Value field supports up to 15 alphanumeric characters.
6. Return to the NTP Server Configuration tab when finished entering the NTP Server Authentication Keys.
7. Click "Save".

Check Contents

1. View the status of the Network Time Protocol (NTP) associations:
show ntp
2. Verify that a primary and a secondary NTP server address are configured.

If the Cisco ISE is not configured to synchronize internal information system clocks using redundant authoritative time sources, this is a finding.

Vulnerability Number

V-242644

Documentable

False

Rule Version

CSCO-NM-000390

Severity Override Guidance

1. View the status of the Network Time Protocol (NTP) associations:
show ntp
2. Verify that a primary and a secondary NTP server address are configured.

If the Cisco ISE is not configured to synchronize internal information system clocks using redundant authoritative time sources, this is a finding.

Check Content Reference

M

Target Key

5384

Comments