| Determine if groups with access such as Helpdesk Admin, Network Device Admin, SuperAdmin, and System Admin (at a minimum) are assigned unauthorized users. |
1. Choose Administration >> System >> Admin Access >> Administrators >> Admin Groups.
2. Review the users for the groups with edit access such as Helpdesk Admin, Network Device Admin, SuperAdmin, and System Admin at a minimum.
If the Cisco ISE does not enforce access restrictions associated with changes to the firmware, OS, and hardware components, this is a finding.