FAQ: Network Access Control (NAC)

What is Network Access Control (NAC)?
Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network.

What is the SecureConnector Network Access Control (NAC) agent?
A NAC agent is an application installed on a device to allow visibility into policy compliance of that device when connecting to the Mass General Brigham computer network. The current agent used at Mass General Brigham is called SecureConnector.

Why is NAC implemented now?
NAC is implemented as part of efforts to assure clean and stable computers and prevent malware or ransomware infections, several strategies will be implemented over the next several months to improve the security of our environment.

With the NAC agent, what can Mass General Brigham on the device?
The NAC agent collects data on Windows endpoints regarding encryption, antivirus software, SCCM, Crowdstrike, and Windows Version.  For Macintosh systems, NAC checks for PEAS enrollment, encryption, antivirus software, Crowdstrike and Macintosh version . Please visit the rc.partners.org website for additional information on device compliance.

What devices have the SecureConnector Network Access Control (NAC) agent?
SecureConnector is already installed on most Mass General Brigham standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux computers are exempt at this time.

How can I tell if I have the SecureConnector Agent installed on my computer?
On Macintosh systems, open your Applications folder and search for ForeScout SecureConnector. On Windows systems, open Program Files and search for ForeScout SecureConnector.

How do I get the SecureConnector Network Access Control (NAC) agent?
If you do not find ForeScout SecureConnector in your list, you may visit this website to install:
https://rc.partners.org/SecureConnector. If you are enrolled in PEAS, you can simply open Self Service and install ForeScout SecureConnector.

What types of devices will require the SecureConnector Network Access Control (NAC) agent to connect to the Mass General Brigham computer network?
Any device running a Macintosh or Windows Operating System (OS) will require the SecureConnector agent to connect to the Mass General Brigham computer network. This includes devices connecting to the network using VPN.

How will SecureConnector Network Access Control (NAC) agent be installed on other assets with IP addresses that rely on the network?
Technicians will work with individuals to identify these assets and install the SecureConnector agent on devices that are capable. Additional, physical discovery will be conducted in collaboration with IS technicians. Contact the Digital Service Desk if you have such an asset.

What happens to devices with IP addresses that connect to the Mass General Brigham computer network, but cannot install the NAC agent?
Exclusions are built-in for printers, iOS mobile devices, Android devices, medical equipment and Linux devices. Technicians will work with individuals to identify these assets and determine appropriate steps. Contact the
Digital Service Desk if you have such an asset.

Is there a variance request process?
To evaluate the cybersecurity risk of temporarily deviating from an existing Mass General Brigham policy or standard, you can submit a
 ISPO Cybersecurity Variance Request form.

 

Go to KB0032638 in the IS Service Desk