The Cisco ISE must verify host-based IDS/IPS software is authorized and running on posture required clients defined in the NAC System Security Plan (SSP) prior to granting trusted network access. This is required for compliance with C2C Step 4.

An XCCDF Rule

Description

<VulnDiscussion>Automated policy assessments must reflect the organization's current security policy so entry control decisions will happen only where remote endpoints meet the organization's security requirements. If the remote endpoints are allowed to connect to the organization's network without passing minimum-security controls, they become a threat to the entire network.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-242580r1025168_rule
Severity: High
References: CCI-000213
Updated: 17 days ago

If required by the NAC SSP, configure the posture policy to verify that a host-based IPS is running.

1. Navigate to Work Centers >> Posture >> Policy Elements.

2. Create Host Intrusion Prevention Condition.
a. Expand "Conditions" on the left of the page.b. Choose "Firewall Condition".
c. Choose "Add".
d. Define a Name.
e. Select the applicable Compliance Module.
f. Select the Operating System.
g. Select the applicable firewall vendor.
h. Check "enable".
i. Select the applicable host intrusion prevention from the product list.
j. Click "Save".

3. Create Requirements.
a. Choose "Requirements" on the left of the page.
b. Choose the drop-down located next to "Edit" on the right side of the page where the requirement is to be inserted.
c. Choose "Insert new Requirement".
d. Define a Name.
e. Select the Operating System.
f. Select the applicable Compliance Module.
g. Select the Posture Type.
h. Select the Condition previously configured.
i. Select the Remediation Action of "Message Text Only" and type in a message to display.
j. Choose "Done".
k. Choose "Save".

4. Edit the Posture Policy.
a. Navigate to Work Centers >> Posture >> Posture Policy.
b. Find the Posture Policy that will be applied to the posture required endpoints.
c. Select the Requirement ensuring there is a green check box to the left of the name indicating it is a mandatory requirement.
d. Choose "Done".
e. Choose "Save".

The Cisco ISE must verify host-based IDS/IPS software is authorized and running on posture required clients defined in the NAC System Security Plan (SSP) prior to granting trusted network access. This is required for compliance with C2C Step 4.

Description

Remediation - Manual Procedure