STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

The Cisco ISE must change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access.

DISA Rule

SV-242608r714134_rule

Vulnerability Number

V-242608

Group Title

SRG-APP-000317-NDM-000282

Rule Version

CSCO-NM-000020

Severity

CAT II

CCI(s)

• CCI-002142 - The information system terminates shared/group account credentials when members leave the group.

Weight

10

Fix Recommendation

Generate Automatic Password for Users and Administrators (or generate using other encryption method).

Navigate to Administrators—Administration >> System >> Admin Access >> Administrators >> Admin Users.

Select the CLI and the web Admin users and select the option to generate the password.

Document the generated password and secure it for emergency use as an Account of Last Resort. Do not share with other Admins unless necessary.

Check Contents

Verify by viewing site SSP to view that there is a procedure that requires password change with administrators leave the group.

If Cisco ISE does not change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access, this is a finding.

Vulnerability Number

V-242608

Documentable

False

Rule Version

CSCO-NM-000020

Severity Override Guidance

Verify by viewing site SSP to view that there is a procedure that requires password change with administrators leave the group.

If Cisco ISE does not change the password for the local CLI and web-based account when members who have access to the password leave the role and are no longer authorized access, this is a finding.

Check Content Reference

M

Target Key

5384

Comments