topic NAC Implementation maturity process in Network Access Control https://community.cisco.com/t5/network-access-control/nac-implementation-maturity-process/m-p/4192619#M564134 <P>Hi Guys</P><P>Can any of the NAC experts on here give me a walkthrough of what a good implementation looks like.</P><P>For example, in my head I would have</P><P>&nbsp;</P><P>1.Define what policies you want to implement</P><P>2.Discovery, how long would you leave it to discover, a few months ?</P><P>3.Iron out and identify any unknown devices</P><P>4.Switch on controls</P><P>5.Start to segment Corporate from OT/IoT</P><P>6.Start to look at remediation and integration with AV/Windows etc</P><P>&nbsp;</P><P>This is my idea, what is everyone else doing? and in what timeline?</P> Thu, 03 Dec 2020 08:37:39 GMT carl_townshend 2020-12-03T08:37:39Z NAC Implementation maturity process https://community.cisco.com/t5/network-access-control/nac-implementation-maturity-process/m-p/4192619#M564134 <P>Hi Guys</P><P>Can any of the NAC experts on here give me a walkthrough of what a good implementation looks like.</P><P>For example, in my head I would have</P><P>&nbsp;</P><P>1.Define what policies you want to implement</P><P>2.Discovery, how long would you leave it to discover, a few months ?</P><P>3.Iron out and identify any unknown devices</P><P>4.Switch on controls</P><P>5.Start to segment Corporate from OT/IoT</P><P>6.Start to look at remediation and integration with AV/Windows etc</P><P>&nbsp;</P><P>This is my idea, what is everyone else doing? and in what timeline?</P> Thu, 03 Dec 2020 08:37:39 GMT https://community.cisco.com/t5/network-access-control/nac-implementation-maturity-process/m-p/4192619#M564134 carl_townshend 2020-12-03T08:37:39Z Re: NAC Implementation maturity process https://community.cisco.com/t5/network-access-control/nac-implementation-maturity-process/m-p/4192698#M564139 <P>There are more steps - several books and many Cisco Live presentations cover ISE deployments so it doesn't make sense to try to condense them here.</P> <P>Design is an important step to combine with your requirements. Only with those in hand can you create policies in the NAC (ISE).</P> <P>Discovery can last anywhere from days for a small network to months for a large one.</P> <P>We typically move from Monitor mode to Low Impact and then to Closed. Many organizations stop with Low impact mode.</P> <P>Your step 6 assumes Posture (e.g. ISE Apex). Not everybody chooses to go that far as their requirements are met with a Base level of functionality.</P> Thu, 03 Dec 2020 11:15:18 GMT https://community.cisco.com/t5/network-access-control/nac-implementation-maturity-process/m-p/4192698#M564139 Marvin Rhoads 2020-12-03T11:15:18Z