
The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 1.


Overview

Finding ID: V-242606
Version: CSCO-NC-000320
Rule ID: SV-242606r812794_rule
IA Controls:
Severity: High

Description
Posture assessments can reduce the risk that clients impose on networks. The posture policy is the function that links requirements to applicable clients. Multiple requirements can be associated with a single policy, and multiple policies can also be applicable to the same client. The posture policy applies all applicable policies, rather than using a top-down, first-match approach.

STIG: Cisco ISE NAC Security Technical Implementation Guide
Date: 2021-12-21

Details

Check Text (C-45881r812793_chk)
If DoD is not at C2C Step 1 or higher, this is not a finding.
If not required by the NAC SSP, this is not a finding.

Verify the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Review the enabled posture policies to ensure posture required endpoints will process requirements.

If there is not an enabled policy that will be applied to posture required endpoints, this is a finding.

Fix Text (F-45838r803571_fix)
If required by the NAC SSP, configure the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Choose the drop-down located next to "Edit" on the right side of the page where you want the new policy inserted.
3. Choose "Insert new policy".
4. Define a Name.
5. Select the applicable Identity Groups.
6. Select the applicable Operating Systems configured in the requirement previously created.
7. Select the Compliance Module configured in the requirement previously created.
8. Select the Posture Type configured in the requirement previously created.
9. Select Other Conditions if used.
10. Select the applicable Requirement or Requirements, ensuring there is a green check box to the left of the name indicating it is a mandatory requirement.
11. Choose "Done".
12. Choose "Save".

Note: The user can apply multiple requirements to a single policy, or have multiple policies each with a single requirement, because the posture policy operates in a "match-all" fashion.
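
The match-all behaviour and the check described above, as an added example (not part of the STIG and not Cisco's code): a simplified Python model that contrasts match-all with first-match evaluation and flags posture required clients that no enabled policy covers. The `Policy` fields, the "Any" wildcard handling, the rule that a mandatory requirement wins when policies disagree, and all sample data are assumptions constructed for illustration.

```python
# Added illustration: a simplified, hypothetical model of posture policy
# evaluation. Field names and sample data are constructed, not Cisco ISE's schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    enabled: bool
    identity_groups: frozenset   # "Any" is treated as a wildcard (assumption)
    operating_systems: frozenset
    requirements: tuple          # (requirement name, is_mandatory) pairs

def _applies(policy, group, os_name):
    groups, systems = policy.identity_groups, policy.operating_systems
    return (policy.enabled
            and ("Any" in groups or group in groups)
            and ("Any" in systems or os_name in systems))

def match_all(policies, group, os_name):
    """Posture policy behaviour described above: every applicable policy applies."""
    return [p for p in policies if _applies(p, group, os_name)]

def first_match(policies, group, os_name):
    """Top-down first-match behaviour, shown only for contrast."""
    return match_all(policies, group, os_name)[:1]

def requirements_for(matched):
    """Union of requirements across matched policies (assumption: mandatory wins)."""
    merged = {}
    for policy in matched:
        for name, mandatory in policy.requirements:
            merged[name] = merged.get(name, False) or mandatory
    return merged

def uncovered(policies, posture_required):
    """Check-text logic: clients with no enabled, applicable policy are findings."""
    return [c for c in posture_required if not match_all(policies, *c)]

# Constructed sample data.
POLICIES = [
    Policy("Win-AV", True, frozenset({"Employees"}), frozenset({"Windows"}),
           (("AV-Installed", True),)),
    Policy("Win-Patch", True, frozenset({"Any"}), frozenset({"Windows"}),
           (("Patch-Level", True), ("AV-Installed", False))),
    Policy("Mac-FW", False, frozenset({"Employees"}), frozenset({"macOS"}),
           (("Firewall-On", True),)),
]
CLIENTS = [("Employees", "Windows"), ("Employees", "macOS")]
```

With this sample data, the Windows client is subject to both enabled policies under match-all, while the macOS client is reported by `uncovered` because its only policy is disabled.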