The Cisco ISE must be configured to notify the user before proceeding with remediation of the user's endpoint device when automated remediation is used. This is required for compliance with C2C Step 3.
An XCCDF Rule
Description
<VulnDiscussion>Notification will let the user know that installation is in progress and may take a while. This notice may deter the user from disconnecting and retrying the connection before the remediation is completed. Premature disconnections may increase network demand and frustrate the user. Note: This policy does not require remediation to be performed by the Cisco ISE, but will apply if remediation services are used.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242582r812746_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
If required by the NAC SSP, configure a message prior to remediation:
1. Navigate to Work Centers >> Posture >> Policy Elements >> Requirements.
2. On the requirements under "Remediation Actions", define a message in the "Message Shown to Agent User".
3. Choose "Done".
4. Choose "Save".