3.1. Policy and the NAC Lifecycle

Any NAC solution will go through five steps in determining the level of access provided to a user or machine:

  1. Assess

  2. Evaluate

  3. Remediate

  4. Enforce

  5. Monitor

You must incorporate continual policy updates into every step so that, as the security and access control needs of your organization change, the policies that your NAC deployment enforces and the actions that it takes change with them. These updates help you refine your NAC lifecycle as business needs change.

Figure 3-1 shows these steps in the NAC lifecycle. In the shaded area, you define the security policy that ultimately determines how your organization implements every step in the NAC process.

NOTE

Your NAC implementation has very little hope of being successful unless your organization has plans and goals in place.

When rolling out NAC across your organization, you need to understand the implications of your corporate security policy and its impact on NAC, shown in the shaded area of Figure 3-1. NAC is the key component of your corporate security policy when it comes to how you handle access control on your corporate networks.

Chapter 6 covers how you actually write a corporate security policy.

For the first step in the lifecycle, the NAC implementation team reviews the corporate security policy and, from that document, develops a more detailed policy and implementation plan for your NAC deployment. ...
