STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 13 Apr 2021

The Cisco ISE must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of nonlocal maintenance and diagnostic communications.

DISA Rule

SV-242654r714272_rule

Vulnerability Number

V-242654

Group Title

SRG-APP-000411-NDM-000330

Rule Version

CSCO-NM-000490

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Enable FIPS Mode in Cisco ISE to ensure DRBG is used for all RNG functions.

1. Choose Administration >> System >> Settings >> FIPS Mode.
2. Choose the "Enabled" option from the FIPS Mode drop-down list.
3. Click "Save" and restart the node.

Check Contents

Navigate to Administration >> System >> Settings >> FIPS Mode.

Verify FIPS Mode is enabled.

If the Cisco ISE does not generate unique session identifiers using a FIPS 140-2 approved RNG, this is a finding.

Documentable

False

Severity Override Guidance

Navigate to Administration >> System >> Settings >> FIPS Mode.

Verify FIPS Mode is enabled.

If the Cisco ISE does not generate unique session identifiers using a FIPS 140-2 approved RNG, this is a finding.

Check Content Reference

M

Target Key

5384

Comments