The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 2.

An XCCDF Rule

Description

Posture assessments can reduce the risk that clients impose on networks. The posture policy is the function that can link requirements to applicable clients. Multiple requirements can be associated with a single policy. However, multiple polices can also be applicable to the same client. The posture policy operates in such a way that all applicable policies are applied, versus the top-down first match approach.

ID: SV-242606r944368_rule
Version: CSCO-NC-000320
Severity: High
References: CCI-000366
Updated: 11 days ago

Remediation Templates

If required by the NAC SSP, configure the posture policy for posture required clients.

1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Choose the drop-down located next to "Edit" on the right side of the page where you want the new policy inserted.
3. Choose "Insert new policy".
4. Define a Name.5. Select the applicable Identity Groups. 
6. Select the applicable Operating Systems configured in the requirement previously created.
7. Select the Compliance Module configured in the requirement previously created.
8. Select the Posture Type configured in the requirement previously created.
9. Select Other Conditions if used.
10. Select the applicable Requirement or Requirements, ensuring there is a green check box to the left of the name indicating it is a mandatory requirement.
11. Choose "Done".
12. Choose "Save".

Note: The user can apply multiple requirements to a single policy, or have multiple policies with a single policy with a single requirement as the posture policy operates in a "match-all" fashion.

The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 2.

Description

Remediation Templates

A Manual Procedure