UCF STIG Viewer Logo

The Cisco ISE must be running an operating system release that is currently supported by the vendor.


Overview

Finding ID Version Rule ID IA Controls Severity
V-242634 CSCO-NM-000280 SV-242634r714212_rule Medium
Description
Network devices running an unsupported operating system lack current security fixes required to mitigate the risks associated with recent vulnerabilities. The recommended best practice is for the organization to implement a patch management process for Junos OS. The process should involve testing and verification of the authenticity of vendor-provided updated. These files are then placed into a repository which is protected by access, confidentiality, and integrity control. System administrators can then initiate firmware/software updates by pointing the device to this repository. There is no need for the device to perform additional certificate verification.
STIG Date
Cisco ISE NDM Security Technical Implementation Guide 2021-09-27

Details

Check Text ( C-45909r714210_chk )
To display information about the software version, type the following at the CLI:
show version

View details about the installed version of Cisco ADE-OS software running in the Cisco ISE server and also the Cisco ISE version.

If the Cisco ISE is not running an operating system release that is currently supported by the vendor, this is a finding.
Fix Text (F-45866r714211_fix)
Install the latest approved update of the CISCO ADE-OS software.

1. Click the "Upgrade" tab in the Admin portal.
2. Click "Proceed". The Review Checklist window appears. Read the instructions carefully.
3. Check the "I have reviewed the checklist" check box, and click "Continue".