Specifications
9-83
Cisco NAC Appliance - Clean Access Manager Configuration Guide
OL-28003-01
Chapter 9 Configuring Cisco NAC Appliance for Agent Login and Client Posture Assessment
Configuring Agent-Based Posture Assessment
Figure 9-41 Example Mac OS X Agent Assessment Report Local Check Requirement Display
Step 3 Choose an Enforce Type from the dropdown menu:
• Mandatory—Enforce requirement.The user is informed of this requirement and cannot proceed or
have network access unless the client system meets it.
• Optional— Do not enforce requirement. The user is informed of the requirement but can bypass it
if desired (by clicking Next/Skip in the Agent dialog). The client system does not have to meet the
requirement for the user to proceed or have network access.
• Audit—Silently audit. The client system is checked “silently” for the requirement without notifying
the user, and a report is automatically generated and sent back to the CAS. (Audit requirements do
not appear in the user’s Assessment Report window.) The report results (pass or fail) do not affect
user network access.
Refer to Configuring an Optional/Audit Requirement, page 9-94 for more details.
Step 4 Specify the Priority of the requirement. Requirements with the lowest number (e.g “1”) have the highest
priority and are performed first. If a requirement fails, the remediation instructions configured for the
requirement are pushed to the user without additional requirements being tested. Therefore you can
minimize processing time by putting the requirements that are most likely to fail at a higher priority.
Step 5 You can enable and configure Auto Remediation using the Agent for a Link Distribution requirement
type only. Refer to Configuring Auto Remediation for Requirements, page 9-98 for details.
Note The Cisco NAC Web Agent does not support Auto Remediation.
Step 6 The Version field lets you keep track of various versions of a requirement. This is particularly useful
when there are updates to the required software. You can use any versioning scheme you like, such as
numbers (1, 2, 3), point numbers (1.0), or letters.
Step 7 If you chose File Distribution as the Requirement Type, click Browse next to the File to Upload field
and navigate to the folder where you have the installation file (.exe) for the required software.
Step 8 If you chose Link Distribution as the Requirement Type, enter the URL of the web page where users
can get the install file or patch update in the File Link URL field.
Note The Mac OS X Agent does not support automatic remediation. Therefore, the Remediation functions that
appear on the New Requirement configuration page (Remediation Type, Interval, and Retry Count)
when you choose the AV Definition Update or AS Definition Update requirement types do not serve
any purpose when creating requirements for Macintosh client remediation.
Step 9 For the Requirement Name type a unique name to identify the system requirement. The name will be
visible to users on the Agent dialogs.
Step 10 In the Description field, type a description of the requirement and instructions for the benefit of your
users. Note the following:
• File Distribution displays a Download button on the Agent.
• Link Distribution displays a Go To Link button on the Agent.
• Local Check displays a Re-Scan button on the Agent.