https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/2493091#M73272 <P>You can download Cisco ISE High Level design document template from the following link</P><P>ATP Partner Resource Center</P><P>http://www.ciscosecurityatp.com/login.asp?strReturn=/index.asp</P> Wed, 17 Sep 2014 12:48:40 GMT Venkatesh Attuluri 2014-09-17T12:48:40Z https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/2493090#M73271 <P>Has anybody created the High and Low level designs for the NASP?</P><P>&nbsp;</P><P>This is my first time and its always easier to have a template to work off of than to reinvent the wheel. &nbsp;An incomplete example is displayed below but I was hoping someone had a complete one of high and low.</P><P>&nbsp;</P><P>Employee Authorization Rule<BR />Table of Contents for Employee Security Policy:<BR />I. Members pg. xxx<BR />II. Acceptable Use Policy pg. xxx<BR />III. Windows 7 Security Requirements pg. xxx<BR />1. Approved AV Installed &amp; Up-to-date pg. xxx<BR />a. Security checks pg. xxx<BR />b. Security rules pg. xxx<BR />IV. Network Access Permissions pg. xxx<BR />1. VLAN Segmentation pg. xxx<BR />a. Noncompliant Posture VLAN pg. xxx<BR />b. Access VLAN Name/ID pg. xxx<BR />2. Access Control List pg. xxx<BR />3. SmartPort Macro pg. xxx<BR />4. Security Group Tag number pg. xxx<BR />...<BR />IV. Network Access Permissions<BR />1. VLAN Segmentation – Yes<BR />a. Noncompliant Posture VLAN = quarantine-vlan/100<BR />b. Access VLAN Name/ID = employees/10<BR />2. Access Control List – Yes<BR />a. Compliant ACL = permit All IP<BR />b. Noncompliant ACL =<BR />5 Permit TCP from any to “AUP web server” equaling 80<BR />Description: Allow anyone to access the acceptable use policy link<BR />64 Cisco ISE for BYOD and Secure Unified Access<BR />10 Permit TCP from any to “Link based remediation resources” equaling 80 &amp; 443<BR />Description: Allow web traffic to the appropriate remediation resources<BR />20 Permit TCP from any to “file based remediation” equaling 80 &amp; 443<BR />Description: Allow web traffic to the cam for remediation file distribution<BR />30 Permit UDP from any to “dmz DNS Server” equaling DNS<BR />Description: Allow DNS only to the dmz dns server<BR />40 Deny IP from any to any<BR />Description: Block everything else<BR />3. SmartPort Macro – no<BR />4. Security Group Tag number – 10</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 04:59:30 GMT https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/2493090#M73271 nathan demers 2019-03-11T04:59:30Z https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/2493091#M73272 <P>You can download Cisco ISE High Level design document template from the following link</P><P>ATP Partner Resource Center</P><P>http://www.ciscosecurityatp.com/login.asp?strReturn=/index.asp</P> Wed, 17 Sep 2014 12:48:40 GMT https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/2493091#M73272 Venkatesh Attuluri 2014-09-17T12:48:40Z https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/3182662#M73273 <P>Here you go mate, follow this templet and you'll be alright</P><P><A href="https://communities.cisco.com/docs/DOC-63812" target="_blank">https://communities.cisco.com/docs/DOC-63812</A></P> Mon, 11 Sep 2017 19:42:20 GMT https://community.cisco.com/t5/network-access-control/ise-network-access-security-policy-document-high-low/m-p/3182662#M73273 Nav_Mad 2017-09-11T19:42:20Z