
V-242599

CAT II (Medium)

The Cisco ISE must perform continuous detection and tracking of endpoint devices attached to the network. This is required for compliance with C2C Step 1.

Rule ID

SV-242599r812780_rule

STIG

Cisco ISE NAC Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000366

Discussion

Continuous scanning capabilities on the Cisco ISE provide visibility of devices that are connected to the switch ports. The Cisco ISE continuously scans networks and monitors the activity of managed and unmanaged devices, which can be personally owned or rogue endpoints. Because many of today's small devices do not include agents, an agentless discovery is often combined to cover more types of equipment.

Check Content

If DoD is not at C2C Step 1 or higher, this is not a finding.

If not required by the NAC SSP, this is not a finding.

Review the posture settings to ensure that Continuous Monitoring Interval is enabled and a value is configured.

From the Web Admin portal:
1. Choose Work Centers >> Posture >> Settings >> Posture General Settings.
2. Verify that "Continuous Monitoring Interval" is enabled and an interval is configured.

If "Continuous Monitoring Interval" is not enabled with an interval defined, this is a finding.

Fix Text

If required by the NAC SSP, configure the posture settings to enable Continuous Monitoring Interval.

From the Web Admin portal:
1. Choose Work Centers >> Posture >> Settings >> Posture General Settings.
2. Check "Continuous Monitoring Interval" and define an interval to enable continuous monitoring.
3. Choose "Save".