Skip to content

I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • Before establishing a local, remote, and/or network connection with any endpoint device, the Cisco ISE must use a bidirectional authentication mechanism configured with a FIPS-validated Advanced Encryption Standard (AES) cipher block algorithm to authenticate with the endpoint device. This is required for compliance with C2C Step 1.

    <VulnDiscussion>Bidirectional authentication provides stronger safeguards to validate the identity of other devices for connections that are ...
    Rule Medium Severity
  • SRG-NET-000512-NAC-002310

    <GroupDescription></GroupDescription>
    Group
  • The Cisco ISE must enforce posture status assessment for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 3.

    &lt;VulnDiscussion&gt;Posture assessments can reduce the risk that clients impose on networks by restricting or preventing access of noncompliant c...
    Rule High Severity
  • SRG-NET-000512-NAC-002310

    <GroupDescription></GroupDescription>
    Group
  • The Cisco ISE must have a posture policy for posture required clients defined in the NAC System Security Plan (SSP). This is required for compliance with C2C Step 2.

    &lt;VulnDiscussion&gt;Posture assessments can reduce the risk that clients impose on networks. The posture policy is the function that can link req...
    Rule High Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules