The Cisco ISE must send an alert to the Information System Security Manager (ISSM) and System Administrator (SA), at a minimum, when security issues are found that put the network at risk. This is required for compliance with C2C Step 2.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| --- | --- | --- | --- | --- |
| V-242584 | CSCO-NC-000100 | SV-242584r812750_rule | CCI-000213 | medium |

Description

Trusted computing should require authentication and authorization of both the user's identity and the identity of the computing device. An authorized user may be accessing the network remotely from a computer that does not meet DoD standards. This may compromise user information, particularly before or after a VPN tunnel is established.

| STIG | Date |
| --- | --- |
| Cisco ISE NAC Security Technical Implementation Guide | 2024-09-10 |
Related Frameworks
4 paths across 3 frameworks
NIST 800-53 (1 mapping)
AC-3
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (2 mappings)
3.1.1
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.1.2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000213
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-242584r812750_chk)
If DoD is not at C2C Step 2 or higher, this is not a finding.
If not required by the NAC SSP, this is not a finding.
Verify that an alarm will be generated and sent when an endpoint has a change in posture status.
From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Verify that the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" categories have LogCollector set as a target at a minimum.
If the Posture and Client Provisioning Audit logging category is not configured to send to the LogCollector and/or another logging target, this is a finding.
Fix Text (F-45816r803538_fix)
If required by the NAC SSP, configure an alarm to be generated and sent when an endpoint has a change in posture status.
From the Web Admin portal:
1. Choose Administration >> System >> Logging >> Logging Categories.
2. Configure the "AAA Audit", "Failed Attempts", and "Posture and Client Provisioning Audit" categories so that the Targets field has LogCollector selected at a minimum. If the environment has an additional SYSLOG server, it can be selected here as well.