Table of Contents
Advertisement
In the IBM Integrated Security Solution for Cisco Networks, the collector is called
posture collector
a
posture status determination. The posture data collection part of a posture
collector is the same as in a regular Security Compliance Manager collector, but
the posture status determination part of a posture collector is an extension to the
standard model. A posture collector determines the client posture status by
checking or comparing a
posture data value, which is part of the collector, is inserted into the collector by
editing collector parameters while creating a collector on the Security
Compliance Manager server.
If required posture data values are null in the parameters, the posture
determination part is not executed. Each posture collector stores into the posture
cache:
Collected posture data
Posture status, which is from the set {PASS, FAIL, WARN, ERROR}
Optional posture messages
Zero or more remediation actions
The posture collector also contains appropriate information to be used in order to
remediate any compliance violations.
A posture collector can be called by the Security Compliance Manager server or
by the policy collector on the client, or it can be scheduled.
Note: Organizations having Security Compliance Manager deployed can use
Security Compliance Manager collectors and posture collectors at the same
time, but only posture collectors can trigger posture violations and hence
trigger NAC enforcement. To enforce a compliance policy before a client
connects to the enterprise network, posture collectors have to be deployed
using the IBM Integrated Security Solution for Cisco Networks.
Policy collector
After a posture collector collects all required information from the client system,
the policy collector counts the number of posture collector results that show
noncompliance; this result forms the
policy collector's version information together form the
policy collector also receives back the client's posture that is evaluated by the
posture validation server (ACS). Depending on the client's posture status, the
policy collector calls the default
noncompliant items on the client system to the end user.
50
Building a Network Access Control Solution with IBM Tivoli and Cisco Systems
. A posture collector consists of posture data collection and
collected value
violation count
remediation handler
required value
with a
. The violation count and the
posture credentials
to present information about
. The required
. The
Advertisement
Table of Contents
