The Cisco ISE must conduct configuration and operational backups when changes are made or must schedule backups weekly, at a minimum.
An XCCDF Rule
Description
<VulnDiscussion>If this information is not backed up and a system failure was to occur, the security settings would be difficult to reconfigure quickly and accurately, thus increasing adverse impact of the outage. There are two types of ISE backups: Configuration backup and operational backup. This requirement pertains to the configuration. Since the administrator may forget to immediately backup each time changes are made, a scheduled weekly backup is a best practice and preferred. However, there may be operational impacts for the scheduling option that necessitate immediate backup after configuration changes method be used.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-242638r1025180_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
1. To configure a repository, navigate to Administration >> System >> Maintenance > Repository.
2. Click "Add".
3. Provide a Repository Name and choose SFTP (recommended) or a secure protocol. Then enter Server Name, Path, User Name, and Password, and click "Submit". The repository must be on another device such as the syslog or SFTP server.
On-demand and/or scheduled configuration and operational data backups are as follows:
1. Navigate to Administration >> System >> Backup & Restore.