The Nessus scanner in our network has reported a vulnerability "HSTS Missing From HTTPS Server (RFC 6797)" under the Plugin ID: 142960.
The details about the vulnerability are mentioned below. I wanted to mitigate this vulnerability on a Cisco ISE device. Kindly assist with the same.
Synopsis: The remote web server is not enforcing HSTS, as defined by RFC 6797.
Description: The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, and SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Recommended Solution: Configure the remote web server to use HSTS.
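The condition the scanner finding describes, as an added example that is not part of the original post and not Cisco or Tenable code: it parses a Strict-Transport-Security header the way RFC 6797 defines it and reports the same finding Nessus raises, so an upgrade can be verified in the lab before rescanning. The sample headers and the 180-day minimum are constructed assumptions; `check_server` takes whatever lab host you point it at.

```python
"""Added example (not from the original post or Cisco): check whether an
HTTPS response carries a valid Strict-Transport-Security header (RFC 6797)."""
import http.client
import re
import ssl

# RFC 6797 s6.1: directives are ';'-separated, names are case-insensitive,
# max-age is required and its value is a non-negative integer of seconds.
_DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?:=\s*"?([^";]*?)"?\s*)?$')

def parse_hsts(value):
    """Return {directive_name: value_or_None} for a header value, or None if malformed."""
    directives = {}
    for part in value.split(";"):
        if not part.strip():
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()
        if name in directives:  # RFC 6797: a repeated directive makes the header invalid
            return None
        directives[name] = m.group(2)
    return directives

def check_hsts(headers, min_age=15552000):
    """Evaluate a dict of response headers. Returns (ok, reason).
    min_age (assumed value) is 180 days, a common floor used by scanners and preload lists."""
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return False, "Strict-Transport-Security header missing (RFC 6797)"
    d = parse_hsts(value)
    if d is None or "max-age" not in d or not (d["max-age"] or "").isdigit():
        return False, "malformed HSTS header or missing max-age: %r" % value
    age = int(d["max-age"])
    if age == 0:
        return False, "max-age=0 disables HSTS for this host"
    if age < min_age:
        return False, "max-age %d is below the %d-second minimum" % (age, min_age)
    return True, "HSTS enforced, includeSubDomains=%s" % ("includesubdomains" in d)

def check_server(host, port=443, path="/"):
    """Fetch response headers from a live HTTPS endpoint (e.g. a lab node) and evaluate them."""
    conn = http.client.HTTPSConnection(host, port, context=ssl.create_default_context(), timeout=10)
    conn.request("HEAD", path)
    return check_hsts(dict(conn.getresponse().getheaders()))
```

Run `check_server("<lab-host>")` against the upgraded lab build; a `(True, ...)` result is what the scanner will also accept.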
There is no workaround for it. Either HSTS is there or it is not. Originally HSTS was seen as an enhancement and not as a vulnerability by vendors, so they chose not to implement it. Then Nessus and other variables came up where it started to come out in the newer releases.
In this case, you would have to upgrade to a newer code that supports HSTS. Testing an upgrade in your lab and scanning it would probably give you the best results for determining the right path to go down.