Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
347
Views
2
Helpful
2
Replies

Module Types

ryanbess
Level 1
Level 1

‎08-01-2024 12:28 PM

Again thanks for everyone who's been helping me on the way to get up to speed on ISE.  Hopefully not a dumb question and couldn't find a good link with a quick google search.  Can someone tell me what the difference is between the

1. Cisco AnyConnect ISE Posture Module

2. Cisco Secure Client - ISE Compliance Module 

Labels:
Preview file
19 KB
0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎09-09-2024 02:10 PM

I'd hazard a guess and say that they are the same thing, but due to the naming change since version 5 arrived, you now have 

Version 4 "Anyconnect" Posture Module

Version 5 "Secure Client" Compliance Module

0 Helpful

Greg Gibbs
Cisco Employee
Cisco Employee

‎09-09-2024 03:33 PM

Here's an accurate comparison of the Posture Module versus the Compliance Module from ChatGPT:

The Cisco Identity Services Engine (ISE) uses several modules to manage endpoint security, among which the Posture Module and the Compliance Module are important components. Here's how they differ:

1. Cisco ISE Posture Module:

  • Purpose: This module ensures that endpoint devices (such as laptops, desktops, or mobile devices) meet specific security requirements before being allowed access to the network.
  • Function: It evaluates the device's security posture by checking for criteria like installed antivirus software, up-to-date patches, presence of a firewall, disk encryption, or specific application settings.
  • Process:
    • A posture assessment is conducted when an endpoint tries to connect to the network.
    • Based on the results, ISE decides whether to grant, limit, or deny network access.
    • If a device is non-compliant, it might be redirected to a remediation portal where necessary updates or configurations can be made.
  • Scope: Posture assessment occurs in real-time when the device is trying to access the network.

2. Cisco ISE Compliance Module:

  • Purpose: This module ensures that the ISE Posture Module functions properly by providing the necessary libraries and updates required for posture assessment.
  • Function: The Compliance Module is responsible for keeping the posture assessment mechanisms up-to-date with new operating systems, patches, antivirus, and anti-malware databases.
  • Process:
    • It periodically updates the posture agent with the latest requirements for security checks.
    • This ensures that the Posture Module can effectively validate compliance across a variety of devices and OS versions.
  • Scope: It works in the background to ensure the posture assessment mechanism is updated and able to detect compliance for a wide array of security parameters.

Key Differences:

  • Posture Module: Actively evaluates the security state of devices to determine if they meet network security requirements.
  • Compliance Module: Provides the necessary data, libraries, and updates to ensure that the Posture Module can accurately perform its evaluations.

In short, the Posture Module is the enforcement engine, while the Compliance Module is the update provider that keeps the enforcement accurate and current.

Customers Also Viewed These Support Documents