Skip to content

The Cisco ISE must place client machines on the blacklist and terminate the agent connection when critical security issues are found that put the network at risk. This is required for compliance with C2C Step 4.

An XCCDF Rule

Description

<VulnDiscussion>Since the Cisco ISE devices and servers should have no legitimate reason for communicating with other devices outside of the assessment solution, any direct communication with unrelated hosts would be suspect traffic.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-242586r812754_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

If required by the NAC SSP, configure an Adaptive Network Control (ANC) policy to deny blacklisted devices access or make an authorization policy for the blacklist endpoint identity group.

1. Navigate to Operations >> Adaptive Network Control >> Policy List.
2. Choose "Add".
3. Give the policy a name.
4. Select the desired ANC Action (QUARANTINE or RE_AUTHENTICATE are the recommended actions for this).