An error occurred:

Cisco ISE NDM STIG Version Comparison

Cisco ISE NDM Security Technical Implementation Guide

Comparison

There are 6 differences between versions v2 r1 (July 24, 2024) (the "left" version) and v2 r3 (Jan. 5, 2026) (the "right" version).

Check CSCO-NM-000320 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Text Differences

Title

The Cisco ISE must be configured to conduct backups of system level information contained in the information system when changes occur.

Check Content

Navigate to Administration >> System >> Backup and Restore. Ensure that configuration data backups are scheduled for weekly intervals or in accordance with the site's SSP. If backups of the confiuration data are not made when when changes occur or in accordance with the site's SSP, this is a finding.

Discussion

System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial of service condition is possible for all who utilize this critical network component. This control requires the network device to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups. The Cisco ISE uses the CLI backup command to backup of system level information. However, the best practice is to use configuration backup products such as Tivoli, NCM, and FCM. Configuration for the backup is accomplished on the backup device, not on the Cisco. These products can be configured to either backup all files or just the rollback files which are saved each time a commit is executed. Save changes made to the running configuration to the startup configurations these changes will not be lost when the system is restarted.

Fix

Navigate to Administration >> System >> Backup and Restore. 1. Select the "Schedule" option next to configuration Data Backup. 2. Ensure a weekly scheduled backup is configured (or in accordance with the site's SSP).