topic Re: NAC 4.7.2 NAA Checks, Rules and Requirements in Network Security

NAC 4.7.2 NAA Checks, Rules and Requirements

Robert Slusar — Fri, 21 Feb 2020 12:00:30 GMT

As I Understand the way these work is sort of like this.

A Check is something that could be looked for on a device with an installed NAA.

A Check really doesn't do anything until it is coupled in a Rule which will return the equivalent of a true or false.

The Rule simply shows whether or not something complies with it but unless there a Role Requirement NAC will do nothing to force remediation or prevent access provided authentication (login) passes.

Say I have what I perceive as a single employee user role based upon mapping but I have 2 very different OS's Window and MAC OSx. If I create a requirement for that role and it is Necessarily Windows-centric would it effectively keep the MAC OSx agents from accessing the network? Do I need to have a WINemployee role and a MACemployee role?

Thanks!

Bob

Re: NAC 4.7.2 NAA Checks, Rules and Requirements

Faisal Sehbai — Wed, 30 Jun 2010 00:12:05 GMT

Bob,

The agent is intelligent enough to discern that if a MAC is logging in, and your requirements are all Windows, it won't check for them. So long story short, you don't need a separate role for the MACs.

HTH,

Faisal

Re: NAC 4.7.2 NAA Checks, Rules and Requirements

Robert Slusar — Wed, 30 Jun 2010 00:21:10 GMT

Thank you Faisal!

I may be over thinking things a bit.

Bob