MACsec negotiation is an option in ISE Authorization Profiles:
However I'm unaware of an ISE audit mechanism since we tell the switch the MACsec policy and it is for the switch to enforce with the endpoint. You might see if there are SYSLOGs thrown from the switch for MACsec negotiation and collect those on a central server for reporting.
