What feature of a Cisco ISE deployment allows you to validate and maintain security capability for endpoints?

The feature that allows you to validate and maintain security capability for endpoints is posture assessment. Posture assessment in Cisco Identity Services Engine (ISE) is a process that evaluates the security state of an endpoint before granting it access to the network. This involves checking whether the device meets specific security requirements, such as having up-to-date antivirus software, appropriate system patches, and being configured correctly according to the organizational security policies.

Posture assessment ensures that only compliant devices can connect to the network or can limit the access of non-compliant devices, thereby maintaining a secure environment. It continuously assesses the endpoint’s compliance status, and if there are any changes, it can trigger a re-evaluation to ensure ongoing compliance.

In contrast, profiling focuses on identifying and classifying devices on the network, change of authorization pertains to dynamically modifying a user's access based on policy changes during a session, and device onboarding refers to the process of securely registering devices on the network. While these features are integral to Cisco ISE's overall functionality, they do not specifically address the ongoing validation and maintenance of security capabilities for endpoints like posture assessment does.