STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 3 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Ivanti Policy Secure NAC Security Technical Implementation Guide

V-284582

CAT I (High)

The Ivanti Policy Secure NAC must enforce approved access by employing post-admissions assessment filters as defined in the NAC System Security Plan (SSP).

Rule ID

SV-284582r1244871_rule

STIG

Ivanti Policy Secure NAC Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000213

Discussion

Successful authentication must not automatically give an entity access to an asset or security boundary. The lack of authorization-based access control could result in the immediate compromise and unauthorized access to sensitive information. Configure a Host Enforcer policy in Ivanti IPS to enforce compliance checks on endpoints that connect to the network. This is typically done to ensure the endpoints meet specific security standards and are up to date with their operating systems and patches. The policy can be applied at the realm level (pre-authentication) or at the role level (post-authentication) to manage access based on compliance. Additionally, configure Host Checker policies to perform health and security checks on endpoints, including antivirus versions, OS versions, and patch checker.

Check Content

If post admissions is not used, this is not applicable.

In the Ivanti Policy Secure Web UI, navigate to Endpoint Policy >> Host Enforcer >> Host Enforcer Policies.

If there are no Host Enforcer Policies created, this is a finding.

Fix Text

1. In the Ivanti Policy Secure Web UI, navigate to Endpoint Policy >> Host Enforcer >> Host Enforcer Policies.
2. Click "New Policy".
3. Type "Name" and "Description".
4. Specify "Resources".
5. Specify "Roles".
6. Specify "Actions" such as Allow/Deny, etc.
7. Click "Save Changes".