The Cisco ISE must be configured to notify the user before proceeding with remediation of the user's endpoint device when automated remediation is used.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-242582 | CSCO-NC-000080 | SV-242582r714056_rule | Low |
| Description |
|---|
| Notification will let the user know that installation is in progress and may take a while. This notice may deter the user from disconnecting and retrying the connection before the remediation is completed. Premature disconnections may increase network demand and frustrate the user. Note: This policy does not require remediation to be performed by the Cisco ISE, but will apply if remediation services are used. |
| STIG | Date |
|---|---|
| Cisco ISE NAC Security Technical Implementation Guide | 2021-04-14 |
Details
| Check Text ( C-45857r714054_chk ) |
|---|
| Verify that each requirement used has a message to display. 1. Navigate to Work Centers >> Posture >> Posture Policy. 2. Make a note of each "Requirement" tied to an enabled Posture Policy. 3. Navigate to Work Centers >> Posture >> Policy Elements >> Requirements. 4. Verify that each requirement noted has a message in the "Message Shown to Agent User" box. If a requirement that is used does not have a message, this is a finding. |
| Fix Text (F-45814r714055_fix) |
|---|
| Configure a message prior to remediation: 1. Navigate to Work Centers >> Posture >> Policy Elements >> Requirements. 2. On the requirements under "Remediation Actions", define a message in the "Message Shown to Agent User". 3. Choose "Done". 4. Choose "Save". |