D-47
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Appendix D CSUtil Database Utility
Posture Validation Attributes
•attribute-name—A string, the attribute name appears in the Cisco Secure
ACS HTML interface and logs for the associated posture validation attribute.
For example, if the vendor ID is 9, the application ID is 1, and the attribute
ID is 1, the attribute name is “Application-Posture-Token”.
•attribute-profile—A string, the attribute profile specifies whether
Cisco Secure ACS can send the attribute in a posture validation response, can
receive the attribute in a posture validation request, or can both send and
receive the attribute during posture validation. Valid values for
attribute-profile are:
–
in—Cisco Secure ACS accepts the attribute in posture validation
requests and can log the attribute, and you can use it in local policy rule
definitions. Attributes with an “in” attribute-profile are also known as
inbound attributes.
–
out—Cisco Secure ACS can send the attribute in posture validation
responses but you cannot use it in local policy rule definitions. Attributes
with an “out” attribute-profile are also known as outbound attributes. The
only outbound attributes that you can configure Cisco Secure ACS to log
are the attributes for Application Posture Tokens and System Posture
Tokens; however, these are system-defined attributes that you cannot
modify.
–
in out—Cisco Secure ACS both accepts the attribute in posture
validation requests and can send the attribute in posture validation
responses. Attributes with an “in out” attribute-profile are also known as
both inbound and outbound attributes.
•attribute-type—A string, the attribute type specifies the kind of data that is
valid in the associated attribute. For attributes whose attribute-profile is in or
in out, the attribute-type determines the types of operators available for
defining local policy rules that use the attribute. An example of an inbound
attribute is the ServicePacks attribute sent by CTA. An example of an
outbound attribute is the System-Posture-Token attribute, sent to CTA.
Valid values of attribute-type are:
–
boolean
–
string
–
integer
–
unsigned integer
–
ipaddr