
Posture token, Version, Violation count – IBM Tivoli and Cisco User Manual


Building a Network Access Control Solution with IBM Tivoli and Cisco Systems

focus on how our posture policy, as established by the Tivoli Security Compliance
Manager, interrelates with the Cisco Secure Access Control Server and how its
associated policies form an interlocked security solution (Figure 5-12).

Figure 5-12 Simplified policy interrelations

Posture token

For all of the moving parts and pieces, at the time of this writing¹, only two pieces
of posture status information are transmitted from the Security Compliance
Manager posture client to the network:

The version of the posture policy the client is running. This parameter is a
string value and is established at the time of policy collection. We set this
value in “Establishing the policy collector parameters” on page 104.

The violation count, which is the total sum of all violations found by the
posture collector policies assigned to the client.

¹ Enhancements may be seen in future releases, including finer-grained posture data transmission.

[Figure 5-12 diagram. Labels: Workstation, Network Access Device, ACS, Network Resources, SCM Policy, ACS Policy. Client sends posture status: Policy Version, Violation Count. ACS evaluates client status: What is health status of workstation? What are the permissions for that particular health status?]
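
The two-stage evaluation in Figure 5-12 (posture status to health status, then health status to permissions), sketched as an added example that is not from the manual or from either product. The token names, the expected version string, the ACL names and the fail-closed rule order are all assumptions made for illustration.

```python
# Added illustration: token names, rule order and ACL names are assumptions,
# not values taken from the manual.
from dataclasses import dataclass

EXPECTED_POLICY_VERSION = "v1.0"  # constructed sample value

# Stage 2 of the figure: health status -> permissions (hypothetical ACL names).
PERMISSIONS = {
    "Healthy": "acl-full-access",
    "Quarantine": "acl-remediation-only",
    "Unknown": "acl-remediation-only",
}


@dataclass(frozen=True)
class PostureStatus:
    policy_version: object   # string established at policy collection time
    violation_count: object  # total violations across assigned collector policies


def evaluate_health(status, expected_version=EXPECTED_POLICY_VERSION):
    """Stage 1 of the figure: posture status -> health status, failing closed."""
    version, count = status.policy_version, status.violation_count
    # Missing or malformed attributes must never evaluate as compliant.
    if not isinstance(version, str) or not version:
        return "Unknown"
    if isinstance(count, bool) or not isinstance(count, int) or count < 0:
        return "Unknown"
    # A client on a stale policy counted violations against old checks,
    # so a zero count from it says nothing about the current policy.
    if version != expected_version:
        return "Quarantine"
    return "Healthy" if count == 0 else "Quarantine"


def authorize(status):
    """Return (health status, permission set) for one client report."""
    health = evaluate_health(status)
    return health, PERMISSIONS[health]


if __name__ == "__main__":
    samples = [  # constructed client reports
        PostureStatus("v1.0", 0),
        PostureStatus("v1.0", 3),
        PostureStatus("v0.9", 0),
        PostureStatus("v1.0", None),
    ]
    for s in samples:
        print(s, "->", authorize(s))
```

Because only the total count is transmitted, the evaluator cannot tell which check failed, so any nonzero count maps to the same restricted permission set.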