2.5. NAC and Compliance

A litany of compliance regulations (which industry and government entities launch and enforce) scrutinize many companies, as well as their networks, applications, and data. Various compliance regulations may

  • Prescribe how the company must assure data and network integrity.

  • Demand that users comply with company security policies.

  • Mandate that companies implement policies that adhere to the regulations, and dictate penalties if the company or its users don't meet those policies.

2.5.1. The difficult news

Many industry and government regulations have been created, and most of them focus on specific industries or markets. These regulations include Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and Sarbanes-Oxley (SOX), just to name a few. If you Google any of these regulations, you can spend a fun-filled afternoon reading about them.

In many cases, compliance regulations reach around the world, such as PCI DSS; but many countries or world regions also have their own compliance regulations, in addition to the worldwide ones. Many of these national or regional regulations have additional paragraphs and sections that dictate how the company, its users, and its data must be protected from unauthorized access, as well as what follows from non-compliance and non-adherence. Particularly if a breach or attack occurs, or if an audit or check is failed, your organization may face severe ramifications — including fines and, in ...
