Cisco ASA Series Cli Configuration Manual page 935

Chapter 1 Configuring the ASA to Integrate with Cisco TrustSec
Feature History for the ASA-Cisco TrustSec Integration
Table 1-3 lists each feature change and the platform release in which it was implemented.
Table 1-3 Feature History for the ASA-Cisco TrustSec Integration
Feature Name
Cisco TrustSec Integration
Feature History for the ASA-Cisco TrustSec Integration
Platform
Releases Feature Information
9.0(1) Cisco TrustSec provides an access-control solution that
builds upon an existing identity-aware infrastructure to
ensure data confidentiality between network devices and
integrate security access services on one platform. In the
Cisco TrustSec solution, enforcement devices utilize a
combination of user attributes and end-point attributes to
make role-based and identity-based access control
decisions.
In this release, the ASA integrates with Cisco TrustSec to
provide security group based policy enforcement. Access
policies within the Cisco TrustSec domain are
topology-independent, based on the roles of source and
destination devices rather than on network IP addresses.
The ASA can utilize the Cisco TrustSec solution for other
types of security group based policies, such as application
inspection; for example, you can configure a class map
containing an access policy based on a security group.
We introduced or modified the following commands:
access-list extended, cts sxp enable, cts server-group, cts
sxp default, cts sxp retry period, cts sxp reconciliation
period, cts sxp connection peer, cts import-pac, cts
refresh environment-data, object-group security,
security-group, show running-config cts, show
running-config object-group, clear configure cts, clear
configure object-group, show cts, show object-group,
show conn security-group, clear cts, debug cts.
Cisco ASA Series CLI Configuration Guide
1-31