Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CSA - How to create polices based on standards such as HIPPA?

I'm needing to create polices for the standards listed below. Will you point me in the right direction?

FIPS

NIST

EAL or Common Criteria

PCI

Sarbanes-Oxley (SOX)

HIPPA

3 REPLIES
New Member

Re: CSA - How to create polices based on standards such as HIPPA

A policy is a collection of rule modules. A rule module is a collection of rules. The rule module acts as the container for these rules while the policy serves as the unit of attachment to groups. Machines with similar security needs are grouped together and assigned one or more policies that specifically target the needs of the group.When you are creating rules for your rule modules, targeting the needs of machine groupings is central to your overall security plan. You can base these security needs on various criteria. For example, the concerns you have for your web servers may require you to group them separately from your mail servers based on the types of policies each set of servers require. Therefore, you could place your web servers into a common group, create rules that protect those servers from having their cgi files and html files written to (for example), and then attach the policy that contains these rules to the web servers group.

http://www.cisco.com/en/US/docs/security/csa/csa60/user_guide/Policies.html

New Member

Re: CSA - How to create polices based on standards such as HIPPA

Thank you for your response!

Re: CSA - How to create polices based on standards such as HIPPA

I know that for PCI there is actually a pre-defined policy you can get from your local Cisco partner, just ask them to get it from the Cisco Security SE, this can then be imported and you can apply those rules/policies to your hosts. For the other types of regulatory policies you are pretty much on your own, but CSA is flexible enough for you to create rules that can follow almost any regulatory compliance standard that dictates host security in some way.

136
Views
8
Helpful
3
Replies
CreatePlease to create content