Title

For the local account of last resort, the Cisco ISE must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. (Cat II impact)

Discussion

Display of the DoD-approved use notification before granting access to the network device ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. System use notifications are required only for access via logon interfaces with human users, such as when directly logging in to the device.

Check Content

Determine if the network device is configured to present a DoD-approved banner that is formatted in accordance with DTM-08-060. In the configuration, view the "banner login" configuration. If such a banner is not presented, this is a finding.

Fix Text

Configure the administrative sessions login banner to display when users access the web or CLI interface that appears before and after an administrator logs in. By default, these login banners are disabled. 1. From the web management tool, click on Administration >> System >> Admin Access >> Settings >> Access >> Session. 2. To display the banner message before an administrator logs in, check the Pre-login banner check box and enter the message in the text box. 3. To display the banner message after an administrator logs in, check the Post-login banner check box and enter your message in the text box. 4. Click "Save".

Additional Identifiers

Rule ID: SV-242618r879547_rule

Vulnerability ID: V-242618

Group Title: SRG-APP-000068-NDM-000215

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.