Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Cisco ISE NAC Security Technical Implementation Guide
SRG-NET-000015-NAC-000120
SRG-NET-000015-NAC-000120
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-NET-000015-NAC-000120
1 Rule
<GroupDescription></GroupDescription>
The Cisco ISE must place client machines on the blacklist and terminate the agent connection when critical security issues are found that put the network at risk. This is required for compliance with C2C Step 4.
Medium Severity
<VulnDiscussion>Since the Cisco ISE devices and servers should have no legitimate reason for communicating with other devices outside of the assessment solution, any direct communication with unrelated hosts would be suspect traffic.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>