Cisco Cisco FirePOWER Appliance 7010
50-23
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
Caution
You cannot disable this setting without assistance from Support. In addition, this setting may
substantially impact the performance of your system. Cisco does not recommend enabling STIG
compliance except to comply with Department of Defense security requirements.
substantially impact the performance of your system. Cisco does not recommend enabling STIG
compliance except to comply with Department of Defense security requirements.
To enable STIG compliance:
Access:
Admin
Step 1
Select
System > Local > System Policy
.
The System Policy page appears.
Step 2
You have the following options:
•
To modify the time settings in an existing system policy, click the edit icon (
) next to the system
policy.
•
To configure the time settings as part of a new system policy, click
Create Policy
.
Provide a name and description for the system policy as described in
, and click
Save
.
In either case, the Access List page appears.
Step 3
Click
STIG Compliance
.
The STIG Compliance page appears.
Step 4
If you want to permanently enable STIG compliance on the appliance, select
Enable STIG Compliance
.
Caution
You cannot disable STIG compliance on an appliance after you apply a policy with STIG compliance
enabled. If you need to disable compliance, contact Support.
enabled. If you need to disable compliance, contact Support.
Step 5
Click
Save Policy and Exit
.
The system policy is updated. Your changes do not take effect until you apply the system policy. See
for more information.
When you apply a system policy that enables STIG compliance to an appliance, note that the appliance
reboots. Note that if you apply a system policy with STIG enabled to an appliance that already has STIG
enabled, the appliance does not reboot.
reboots. Note that if you apply a system policy with STIG enabled to an appliance that already has STIG
enabled, the appliance does not reboot.
In addition, you need to re-register devices after enabling STIG compliance if the devices were upgraded
from versions earlier than Version 5.2.0.
from versions earlier than Version 5.2.0.
Synchronizing Time
License:
Any
You can manage time synchronization on the appliance using the Time Synchronization page. You can
choose to synchronize the time:
choose to synchronize the time:
•
manually
•
using one or more NTP servers (one of which can be a Defense Center)