STIGQter STIGQter: STIG Summary: Cisco ISE NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 13 Apr 2021:

For accounts using password authentication, the Cisco ISE must use FIPS-validated SHA-2 or later protocol to protect the integrity of the password authentication process.

DISA Rule

SV-242651r714263_rule

Vulnerability Number

V-242651

Group Title

SRG-APP-000172-NDM-000259

Rule Version

CSCO-NM-000460

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Enable FIPS Mode in Cisco ISE to ensure DRBG is used for all RNG functions.

1. Choose Administration >> System >> Settings >> FIPS Mode.
2. Choose the "Enabled" option from the FIPS Mode drop-down list.
3. Click "Save" and restart the node.

Check Contents

Navigate to Administration >> System >> Settings >> FIPS Mode.

Verify FIPS Mode is enabled.

If the Cisco ISE does not generate unique session identifiers using a FIPS 140-2 approved RNG, this is a finding.

Vulnerability Number

V-242651

Documentable

False

Rule Version

CSCO-NM-000460

Severity Override Guidance

Navigate to Administration >> System >> Settings >> FIPS Mode.

Verify FIPS Mode is enabled.

If the Cisco ISE does not generate unique session identifiers using a FIPS 140-2 approved RNG, this is a finding.

Check Content Reference

M

Target Key

5384

Comments