Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-242584 | CSCO-NC-000100 | SV-242584r812750_rule | Medium |
Description |
---|
Trusted computing should require authentication and authorization of both the user's identity and the identity of the computing device. An authorized user may be accessing the network remotely from a computer that does not meet DoD standards. This may compromise user information, particularly before or after a VPN tunnel is established. |
STIG | Date |
---|---|
Cisco ISE NAC Security Technical Implementation Guide | 2024-06-10 |
Check Text ( C-45859r812749_chk ) |
---|
If DoD is not at C2C Step 2 or higher, this is not a finding. If not required by the NAC SSP, this is not a finding. Verify that an alarm will be generated and sent when an endpoint has a change in posture status. From the Web Admin portal: 1. Choose Administration >> System >> Logging >> Logging Categories. 2. Verify the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" have LogCollector set as a target at a minimum. If the Posture and Client Provisioning Audit logging category is not configured to send to the LogCollector and/or another logging target, this is a finding. |
Fix Text (F-45816r803538_fix) |
---|
If required by the NAC SSP, configure an alarm to be generated and sent when an endpoint has a change in posture status. From the Web Admin portal: 1. Choose Administration >> System >> Logging >> Logging Categories. 2. Configure the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" categories to have the Targets field to have LogCollector selected at a minimum. If the environment has an additional SYSLOG server, it can be selected here as well. |