Mandiant Security Remediation
Project Summary
Consolidated remediation program for findings from Google/Mandiant penetration tests conducted at CHLA. The January 2026 assessment identified a critical posture redirect ACL vulnerability and an ISE XXE CVE. The Q2 2026 assessment brings additional findings. This project tracks all workstreams from finding through remediation to validation.
Status
| Workstream | Description | Status | Notes |
|---|---|---|---|
| Jan 2026 Assessment | External (Jan 13-16) + Internal (Jan 19-23) pentest | ✅ Done | Findings documented, remediation in progress |
| Posture ACL Remediation | PENTEST-POSTURE-ACL-001 — strip Kerberos/SMB/LDAP from redirect ACL | 🟡 In progress | CR drafted, awaiting approval. Zero-trust ACL designed. |
| ISE CVE Patching | CVE-2026-20029 XXE — upgrade to ISE 3.2 Patch 8 | ⚠️ Verify | Scheduled Feb 10-12. Confirm completion status. |
| dACL Enforcement | Downloadable ACL deployment across wired/wireless | 🟡 In progress | V5 dACL tested in home lab. Production deployment pending. |
| MSCHAPv2 Deprecation | 6,088 devices migrating to certificate-based auth | 🟡 In progress | 5-wave deployment. See MSCHAPv2 Migration Project. |
| Apr 2026 Assessment | New Q2 assessment — additional findings | ❌ Not started | Placeholder — findings to be added when received |
| Validation & Close-out | Verify all remediations, re-test, document | ❌ Not started | — |

| Field | Value |
|---|---|
| PRJ ID | PRJ-2026-01-mandiant-remediation |
| Author | Evan Rosado |
| Created | 2026-01-18 |
| Updated | 2026-04-06 |
| Status | Active — Posture ACL remediation + Q2 assessment in progress |
| Category | Security Remediation / Penetration Test Response |
| Priority | P0 (critical security infrastructure) |
| Engagement | Google/Mandiant — External (Jan 13-16) + Internal (Jan 19-23) |
| Stakeholders | CISO (Sarah), InfoSec team, Network Engineering |