https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5313441#M597454 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/322908">@cheng.cathy</a>&nbsp;</P> <P><SPAN>It doesn't have to meet all these three polices to be marked as compliant.&nbsp;The client will be marked as compliant if any of this policies does meet. is it correct?</SPAN></P> <P>Correct' ISE will check policy from top to down' first policy all conditions is meet is check other is skip</P> <P>MHM</P> Thu, 24 Jul 2025 09:01:44 GMT MHM Cisco World 2025-07-24T09:01:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5307630#M597192 <P><SPAN>When defining a posture policy, if we have 3 separate policies&nbsp; with the same conditions {id group, operating system, other conditions}, one with requirements for AV and one is Anti-spyware and another one is Anti-Malware.</SPAN></P><P><SPAN>&nbsp; It doesn't have to meet all these three polices to be marked as compliant.&nbsp;The client will be marked as compliant if any of this policies does meet. is it correct?</SPAN></P> Thu, 10 Jul 2025 04:11:28 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5307630#M597192 cheng.cathy 2025-07-10T04:11:28Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310627#M597328 <P>I am just getting started in the posture world so I might be off, but it depends on how you have your policy set if audit, optional or mandatory.&nbsp; &nbsp;If its audit or optional it will still mark as compliant even if not.&nbsp; If set to mandatory, if it fails any of those conditions it will be marked as non-compliant.&nbsp;&nbsp;</P> Thu, 17 Jul 2025 13:16:08 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310627#M597328 robertwilkinson1 2025-07-17T13:16:08Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310633#M597330 <P>more info will share<BR />update soon</P> <P>MHM</P> Wed, 23 Jul 2025 13:06:26 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310633#M597330 MHM Cisco World 2025-07-23T13:06:26Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310651#M597332 <P>The way I understood their question is more on the posture policy config versus the policy set for mab/dot1x side where the authz rules are used.&nbsp; &nbsp;Posture has it's own policy set to follow for that function</P><P>&nbsp;</P> Thu, 17 Jul 2025 14:42:17 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310651#M597332 robertwilkinson1 2025-07-17T14:42:17Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310674#M597336 <P>more info update soon&nbsp;<BR />thanks&nbsp;</P> <P>MHM</P> <P>&nbsp;</P> Wed, 23 Jul 2025 13:07:07 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5310674#M597336 MHM Cisco World 2025-07-23T13:07:07Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5313441#M597454 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/322908">@cheng.cathy</a>&nbsp;</P> <P><SPAN>It doesn't have to meet all these three polices to be marked as compliant.&nbsp;The client will be marked as compliant if any of this policies does meet. is it correct?</SPAN></P> <P>Correct' ISE will check policy from top to down' first policy all conditions is meet is check other is skip</P> <P>MHM</P> Thu, 24 Jul 2025 09:01:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5313441#M597454 MHM Cisco World 2025-07-24T09:01:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5313550#M597456 <P>No, that is not correct. If you have three separate posture policies with identical conditions (ID group, operating system, other conditions) but distinct requirements (AV, Anti-spyware, Anti-Malware), a client must typically satisfy all applicable policies to be marked as compliant. Posture policies are generally evaluated conjunctively, meaning all defined conditions and requirements within the scope of the client must be met for overall compliance, unless the policy system explicitly offers an "OR" logical grouping option for requirements, which is not the standard behavior for independent policies.</P> Thu, 24 Jul 2025 12:17:14 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-posture-policy-match-orders/m-p/5313550#M597456 elvera33ford 2025-07-24T12:17:14Z