
Cisco Employee

ISE Posture checks for multiple vendors

I have a use case where our ISE deployment will need to authenticate computers from many different contractors and vendors (the computers will not be corporate managed). The security policy that we have dictates that full disk encryption, up-to-date patching, up-to-date anti-virus, and an enabled firewall are all present on the endpoint.

The question is as follows: is there a way to have a posture condition that includes *all* disk encryption vendors? In this use case it doesn't matter if the encryption is Bitlocker, Symantec PGP, McAfee, etc., just that encryption is enabled. The same goes for the A/V and Firewall. We don't necessarily care which software vendor is being used, just that it is present, activated and up-to-date.

With the wide variety of vendors and contractor computers coming onto the network it will be difficult to create conditions for each of the different vendors and scenarios for encryption, AV and FW.


Accepted Solutions

There is an ANY option for Anti-Malware and for Firewall, but not Disk Encryption today. 


Cisco Employee

I have a similar use case where the customer is looking to conduct posture assessment for contractors entering the network. They are concerned with whether or not any Anti-Malware is installed, and whether the contractor has any public file sharing applications on the endpoint.

We've set up a small lab for the testing and found that while we could define conditions by category, those conditions did not have an effect on the compliance status, just merely for reporting. Ideally, when you defined conditions by category, it would be tied to compliance status, so if any of those applications in a given category were present on the endpoint, the user would be non-compliant. 

Yes, we know that posture compliance works when defining conditions by name, but that use case does not work for contractors when you have no set vendor or application set.
