Title

The Cisco ISE must be configured to conduct backups of system level information contained in the information system when changes occur. (Cat II impact)

Discussion

System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial of service condition is possible for all who utilize this critical network component. This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups. The Cisco ISE uses the CLI backup command to backup of system level information. However, the best practice is to use configuration backup products such as Tivoli, NCM, and FCM. Configuration for the backup is accomplished on the backup device, not on the Cisco. These products can be configured to either backup all files or just the rollback files which are saved each time a commit is executed. Save changes made to the running configuration to the startup configurations these changes will not be lost when the system is restarted.

Check Content

Navigate to Administration >> System >> Backup and Restore. Ensure that configuration data backups are scheduled for weekly intervals or in accordance with the site's SSP. If backups of the confiuration data are not made when when changes occur or in accordance with the site's SSP, this is a finding.

Fix Text

Navigate to Administration >> System >> Backup and Restore. 1. Select the "Schedule" option next to configuration Data Backup. 2. Ensure a weekly scheduled backup is configured (or in accordance with the site's SSP).

Additional Identifiers

Rule ID: SV-242637r916221_rule

Vulnerability ID: V-242637

Group Title: SRG-APP-000516-NDM-000340

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.