The Cisco ISE must send an alert to the Information System Security Manager (ISSM) and System Administrator (SA), at a minimum, when security issues are found that put the network at risk. This is required for compliance with C2C Step 2.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-242584 | CSCO-NC-000100 | SV-242584r812750_rule | CCI-000213 | medium |
| Description | ||||
| Trusted computing should require authentication and authorization of both the user's identity and the identity of the computing device. An authorized user may be accessing the network remotely from a computer that does not meet DoD standards. This may compromise user information, particularly before or after a VPN tunnel is established. | ||||
| STIG | Date | |||
| Cisco ISE NAC Security Technical Implementation Guide | 2024-09-10 | |||
Details
Check Text (C-242584r812750_chk)
If DoD is not at C2C Step 2 or higher, this is not a finding.
If not required by the NAC SSP, this is not a finding.
Verify that an alarm will be generated and sent when an endpoint has a change in posture status.
From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Verify the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" have LogCollector set as a target at a minimum.
If the Posture and Client Provisioning Audit logging category is not configured to send to the LogCollector and/or another logging target, this is a finding.
Fix Text (F-45816r803538_fix)
If required by the NAC SSP, configure an alarm to be generated and sent when an endpoint has a change in posture status.
From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Configure the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" categories to have the Targets field to have LogCollector selected at a minimum. If the environment has an additional SYSLOG server, it can be selected here as well.