Check: CSCO-NM-000330
Cisco ISE NDM STIG: CSCO-NM-000330 (in version v2 r2)
Title
The Cisco ISE must conduct configuration and operational backups when changes are made or must schedule backups weekly, at a minimum. (Cat III impact)
Discussion
If this information is not backed up and a system failure were to occur, the security settings would be difficult to reconfigure quickly and accurately, thus increasing the adverse impact of the outage. There are two types of ISE backups: configuration backup and operational backup. This requirement pertains to the configuration. Since the administrator may forget to back up immediately each time changes are made, a scheduled weekly backup is a best practice and preferred. However, the scheduling option may have operational impacts that necessitate using the method of immediate backup after configuration changes instead.
Check Content
Review the SSP to see the site's network device backup policy.
1. Navigate to Administration >> System >> Backup and Restore.
2. Check the Cisco ISE backup log to verify regular backups are being performed.
If configuration and operational backups are not being performed when changes are made and/or scheduled weekly (at a minimum), this is a finding.
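The weekly-schedule half of this check can be evaluated mechanically once the backup history has been exported. The following is an added example, not part of the STIG or of Cisco ISE: the record layout (timestamp, backup type, status) and the names `SAMPLE_HISTORY`, `parse_history`, `weekly_gaps` and `review` are assumptions, and it does not cover the alternative of backing up after each change.

```python
from datetime import datetime, timedelta

MAX_GAP = timedelta(days=7)  # "scheduled weekly (at a minimum)"
TYPES = ("configuration", "operational")

# Constructed sample records (NOT ISE's real log format): time, type, status.
SAMPLE_HISTORY = """\
2024-05-01T02:00 configuration success
2024-05-01T02:30 operational success
2024-05-08T02:00 configuration success
2024-05-08T02:30 operational failed
2024-05-15T02:00 configuration success
2024-05-15T02:30 operational success
2024-05-22T02:00 configuration success
2024-05-22T02:30 operational success
"""

def parse_history(text):
    """Return {type: sorted datetimes of successful backups}; failures are ignored."""
    ok = {t: [] for t in TYPES}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, kind, status = line.split()
        if kind in ok and status == "success":
            ok[kind].append(datetime.fromisoformat(stamp))
    return {k: sorted(v) for k, v in ok.items()}

def weekly_gaps(times, start, end):
    """List (from, to) intervals longer than MAX_GAP inside the review window."""
    points = [start] + [t for t in times if start <= t <= end] + [end]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > MAX_GAP]

def review(text, start, end):
    """Map each backup type to its gaps; any non-empty list is a finding."""
    history = parse_history(text)
    return {kind: weekly_gaps(history[kind], start, end) for kind in TYPES}

if __name__ == "__main__":
    window = (datetime(2024, 5, 1), datetime(2024, 5, 23))
    for kind, gaps in review(SAMPLE_HISTORY, *window).items():
        print(f"{kind}: {'FINDING' if gaps else 'ok'}")
        for a, b in gaps:
            print(f"  no successful backup between {a} and {b}")
```

In the sample, the failed operational backup on 8 May leaves a 14-day gap, so the operational type is reported as a finding while the configuration type passes.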
Fix Text
1. To configure a repository, navigate to Administration >> System >> Maintenance >> Repository.
2. Click "Add".
3. Provide a Repository Name and choose SFTP (recommended) or another secure protocol. Then enter Server Name, Path, User Name, and Password, and click "Submit".
The repository must be on another device such as the syslog or SFTP server.
On-demand and/or scheduled configuration and operational data backups are as follows:
1. Navigate to Administration >> System >> Backup & Restore.
2. Select "Configuration Data Backup".
3. Provide a Backup Repository Name, Encryption Key, and scheduling information in compliance with the SSP.
4. Click "Backup".
5. Repeat these steps, selecting the "Operational Data Backup" option in Step 2.
Additional Identifiers
Rule ID: SV-242638r1025180_rule
Vulnerability ID: V-242638
Group Title: SRG-APP-000516-NDM-000341
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
CCI-000537 | Conduct backups of system-level information contained in the system per organization-defined frequency that is consistent with recovery time and recovery point objectives. |
CCI-000539 | Conduct backups of system documentation, including security-related documentation, per an organization-defined frequency that is consistent with recovery time and recovery point objectives. |