Anyone running Policy Compliance scans on Cisco Equipment? If so, what policies are you using? CIS? HITRUST?
Have you had any authentication issues when doing scanning of Cisco?
Any feedback would be appreciated.
We don't have Policy Compliance, but we do have SCA and we've done scans of Cisco equipment. We had existing credentials defined for those devices for VM scans, so we just used the same credentials for SCA. We're using the CIS policy for Cisco IOS 15. I haven't seen any issues, but I also don't follow that process as closely as I do VM.
Thanks Jordan. Do you mind me asking what SCA tool you are using? You can direct email me if you want.
We have an issue with authenticating to the Cisco Nexus. Support/Engineering is reviewing the case.
I use Qualys' SCA module. It's their 'Policy Compliance Lite' module. Basically it lets you do CIS policy scans, but you can't write your own checks. You can modify the check value of an existing check, or you can disable a check altogether. There's also no exception workflow. The way we're performing scans in SCA, though, should technically be the same as how you would perform a scan in PC.