Cisco Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
Step 7
Enter a username in the Username field.
Step 8
Select the protocol you want to use for authentication from the Authentication Protocol drop-down list.
Step 9
Type the password required for authentication with the SNMP server in the Authentication Password field.
Step 10
Retype the authentication password in the Verify Password field just below the Authentication Password field.
Step 11
Select the privacy protocol you want to use from the Privacy Protocol list, or select None to not use a privacy protocol.
Step 12
Type the SNMP privacy key required by the SNMP server in the Privacy Password field.
Step 13
Retype the privacy password in the Verify Password field just below the Privacy Password field.
Step 14
Click Add.
The user is added. You can repeat steps through to add additional users. Click the delete icon to delete a user.
Step 15
Click Save Policy and Exit.
The system policy is updated. Your changes do not take effect until you apply the system policy. See
Enabling STIG Compliance
License: Any
Organizations within the United States federal government sometimes need to comply with a series of
security checklists set out in Security Technical Implementation Guides (STIGs). The STIG Compliance
option enables settings intended to support compliance with specific requirements set out by the United
States Department of Defense.
If you enable STIG compliance on any appliances in your deployment, you must enable it on all
appliances. Non-compliant managed devices cannot be registered to STIG-compliant Defense Centers
and STIG-compliant devices cannot be registered to non-compliant Defense Centers.
Enabling STIG compliance does not guarantee strict compliance to all applicable STIGs. For more
information on FireSIGHT System STIG compliance when using this mode for this version of the
product, contact Support to obtain a copy of the FireSIGHT System STIG Release Notes for Version
5.3.1.
When you enable STIG compliance, password complexity and retention rules for local shell access
accounts change. For more information on these settings, see the FireSIGHT System STIG Release
Notes for Version 5.3.1. In addition, you cannot use ssh remote storage when in STIG compliance mode.
Note that applying a system policy with STIG compliance enabled forces appliances to reboot. If you
apply a system policy with STIG enabled to an appliance that already has STIG enabled, the appliance
does not reboot. If you apply a system policy with STIG disabled to an appliance that has STIG enabled,
STIG remains enabled and the appliance does not reboot.
For appliances upgraded from versions earlier than Version 5.2.0, applying a policy with compliance
enabled also regenerates appliance certificates, so you will need to re-register already registered
managed devices or peers.