What Is Network Access Control?

Network access control, or NAC, solutions support network visibility and access management through policy enforcement on devices and users of corporate networks.

Why is it important to have a NAC solution?

With organisations now having to account for exponential growth of mobile devices accessing their networks and the security risks they bring, it is critical to have the tools that provide the visibility, access control, and compliance capabilities that are required to strengthen your network security infrastructure.

A NAC system can deny network access to noncompliant devices, place them in a quarantined area, or give them only restricted access to computing resources, thus keeping insecure nodes from infecting the network.

What are the general capabilities of a NAC solution?

NAC solutions help organisations control access to their networks through the following capabilities:

  • Policy lifecycle management: Enforces policies for all operating scenarios without requiring separate products or additional modules.
  • Profiling and visibility: Recognises and profiles users and their devices before malicious code can cause damage.
  • Guest networking access: Manage guests through a customizable, self-service portal that includes guest registration, guest authentication, guest sponsoring, and a guest management portal.
  • Security posture check: Evaluates security-policy compliance by user type, device type, and operating system.
  • Incidence response: Mitigates network threats by enforcing security policies that block, isolate, and repair noncompliant machines without administrator attention.
  • Bidirectional integration: Integrate with other security and network solutions through the open/RESTful API.

Use cases for network access control

NAC for guests/contractors

Whether accounting for contractors, visitors, or partners, organisations use NAC solutions to make sure that non-employees have access privileges to the network that are separate from those of employees.

Cisco Identity Services Engine


The exponential growth in mobile devices has liberated the workforce from their desks and given employees freedom to work remotely from their mobile devices. NAC for BYOD ensures compliance for all employee owned devices before accessing the network.

Cisco Identity Services Engine

NAC for the Internet of Things

IoT devices, whether they be in manufacturing, healthcare, or other industries, are growing exponentially and serve as additional entry points for attackers to enter the network. NAC can reduce these risks in IoT devices by applying defined profiling and access policies for various device categories.

Cisco IoT Threat Defense

NAC for incidence response

NAC vendors can share contextual information (for example, user ID or device type) with third-party security components. They can respond to cybersecurity alerts by automatically enforcing security policies that isolate compromised endpoints.

Cisco Rapid Threat Containment

NAC for medical devices

As more medical devices come online, it’s critical to identify devices entering a converged network. NAC solutions can help protect devices and medical records from threats, improve healthcare security, and strengthen ransomware protection.

Cisco Medical NAC