What Is Network Access Control?

Network access control, or NAC, solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.

Why is it important to have a NAC solution?

As the number of mobile devices accessing corporate networks grows exponentially, along with the security risks those devices bring, it is critical for organizations to have tools that provide the visibility, access control, and compliance capabilities required to strengthen their network security infrastructure.

A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.

What are the general capabilities of a NAC solution?

NAC solutions help organizations control access to their networks through the following capabilities:

  • Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
  • Profiling and visibility: Recognizes and profiles users and their devices before malicious code can cause damage.
  • Guest networking access: Manages guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
  • Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
  • Incident response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
  • Bidirectional integration: Integrates with other security and network solutions through the open/RESTful API.
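
The security posture check and the deny, quarantine, and restricted-access outcomes described above, as an added Python example that is not from this page or from any NAC product. The attribute names, device types, and patch-age limits are hypothetical policy values chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Access(Enum):
    FULL = "full"
    RESTRICTED = "restricted"
    QUARANTINE = "quarantine"
    DENY = "deny"


@dataclass(frozen=True)
class Endpoint:
    user_type: str                    # "employee", "guest", "contractor", "" if none
    device_type: str                  # profiling result, e.g. "laptop", "iot-camera"
    patch_age_days: Optional[int]     # None = no posture report received
    av_running: Optional[bool]
    disk_encrypted: Optional[bool]


# Hypothetical policy values: maximum OS patch age per managed device type.
MAX_PATCH_AGE = {"laptop": 30, "phone": 60}


def posture_failures(ep):
    """List failed checks; a missing report counts as a failure (fail closed)."""
    limit = MAX_PATCH_AGE.get(ep.device_type)
    if limit is None:
        return ["unprofiled_device"]
    failed = []
    if ep.patch_age_days is None or ep.patch_age_days > limit:
        failed.append("os_patch")
    if ep.av_running is not True:
        failed.append("antivirus")
    if ep.device_type == "laptop" and ep.disk_encrypted is not True:
        failed.append("disk_encryption")
    return failed


def decide(ep):
    """Map identity, profile and posture to one of the NAC outcomes."""
    if ep.user_type in ("guest", "contractor"):
        return Access.RESTRICTED, []          # kept apart from employee access
    if not ep.user_type and ep.device_type.startswith("iot-"):
        return Access.RESTRICTED, []          # per-category IoT policy
    if ep.user_type != "employee":
        return Access.DENY, ["unidentified"]
    failed = posture_failures(ep)
    return (Access.QUARANTINE, failed) if failed else (Access.FULL, [])
```

The list of failed checks returned with a quarantine decision is what a remediation step would act on before the device is re-evaluated.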

Use cases for network access control

NAC for guests/contractors

Whether accounting for contractors, visitors, or partners, organizations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.

Cisco Identity Services Engine


NAC for BYOD

The exponential growth in mobile devices has liberated the workforce from their desks and given employees freedom to work remotely from their mobile devices. NAC for BYOD ensures compliance for all employee-owned devices before they access the network.

Cisco Identity Services Engine


NAC for the Internet of Things

IoT devices, whether in manufacturing, healthcare, or other industries, are growing exponentially in number and serve as additional entry points for attackers into the network. NAC can reduce these risks by applying defined profiling and access policies for various device categories.

Cisco IoT Threat Defense


NAC for incident response

NAC vendors can share contextual information (for example, user ID or device type) with third-party security components. They can respond to cybersecurity alerts by automatically enforcing security policies that isolate compromised endpoints.

Cisco Rapid Threat Containment


NAC for medical devices

As more medical devices come online, it’s critical to identify devices entering a converged network. NAC solutions can help protect devices and medical records from threats, improve healthcare security, and strengthen ransomware protection.

Cisco Medical NAC