Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1803
Views
30
Helpful
6
Replies

Best Posture Policy

Go to solution
maf_1
Level 1
Level 1

‎02-07-2022 11:38 PM

I am trying to create a posture policy for both wired and wireless. I want it to be as fool proof as possible. What are some of the things that are a must and makes any posture policy great?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-09-2022 05:35 AM

Off the top of my head, here are some examples that I have seen to ensure compliance:

-browser version checks

-domain registry check to ensure computer is a domain client

-windows registry check to ensure client is running supported version

-windows cumulative patch check

-3rd party sw services are running; example: McAfee AV, HIPS, Agent all present and running on client

-secure boot check

-3rd party agents for other things installed & running; example: nessus agent

HTH!

View solution in original post

6 Replies 6

Go to solution
Kasun Bandara
VIP
VIP

‎02-07-2022 11:54 PM

Hi,

you must check for AV, AV update and OS update in first level. 

then you can do some custom check such as applications related your organization, required REG keys, etc.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Go to solution
maf_1
Level 1
Level 1
In response to Kasun Bandara

‎02-09-2022 12:57 AM

can we, thru ISE check what apps are running on one's PC?

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-08-2022 03:29 AM

I would start with taking a look at this: ISE Posture Prescriptive Deployment Guide - Cisco Community

The posture solution has tons of options that can be utilized to determine endpoint compliance status.  In the link shared take a look at the 'Windows Posture Assessment Options' & 'macOS Posture Assessment Options'.  Then from there IMO your best bet is to determine with the appropriate folks what is desired in your environment.  HTH!

Go to solution
maf_1
Level 1
Level 1
In response to Mike.Cifelli

‎02-09-2022 12:59 AM

hello Mike,

I have been thru that link previously. What I wanted to ask was what are some of the things that MUST be there in any posture policy regardless of the organization. 

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-09-2022 05:35 AM

Off the top of my head, here are some examples that I have seen to ensure compliance:

-browser version checks

-domain registry check to ensure computer is a domain client

-windows registry check to ensure client is running supported version

-windows cumulative patch check

-3rd party sw services are running; example: McAfee AV, HIPS, Agent all present and running on client

-secure boot check

-3rd party agents for other things installed & running; example: nessus agent

HTH!

Go to solution
maf_1
Level 1
Level 1
In response to Mike.Cifelli

‎03-08-2022 02:44 AM

wow. that's what i was looking for. any document on how this can be implemented? also, do you have any more suggestions to make it more robust?

Customers Also Viewed These Support Documents