The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 2.
An XCCDF Rule
Description
<VulnDiscussion>Posture assessments can reduce the risk that clients impose on networks. The posture policy is the function that can link requirements to applicable clients. Multiple requirements can be associated with a single policy. However, multiple polices can also be applicable to the same client. The posture policy operates in such a way that all applicable policies are applied, versus the top-down first match approach.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242606r944368_rule
- Severity
- High
- References
- Updated
Remediation - Manual Procedure
If required by the NAC SSP, configure the posture policy for posture required clients.
1. Navigate to Work Centers >> Posture >> Posture Policy.
2. Choose the drop-down located next to "Edit" on the right side of the page where you want the new policy inserted.
3. Choose "Insert new policy".
4. Define a Name.