The Cisco ISE must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

An XCCDF Rule

Description

<VulnDiscussion>Changes to any software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed administrative access to the network device for implementing any changes or upgrades. If the network device were to enable non-authorized users to make changes to software libraries, those changes could be implemented without undergoing testing, validation, and approval.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-242640r960966_rule
Severity: High
References: CCI-000382
Updated: 17 days ago

If SNMP is used by the organization, then SNMP is configured at the command line interface.

To disable SNMPv1 and SNMPv2c if enabled type the remove the group with the following command.

no snmp-server group <community> v1
To enable the SNMPv3 server on Cisco ISE, use the snmp-server enable command in global configuration mode.

1. snmp-server enable
2. snmp-server user <username> v3 hash <auth-password>  <priv-password>
3. snmp-server host {ip-address | hostname} trap version 3 username engine_ID hash <auth-password> <priv-password>

The Cisco ISE must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services.

Description

Remediation - Manual Procedure