FAQ: Network Access Control (NAC)

What is Network Access Control (NAC)?
Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network.


Why is NAC implemented now?
NAC is implemented as part of efforts to assure clean and stable computers and prevent malware or ransomware infections, several strategies will be implemented over the next several months to improve the security of our environment.

With the NAC agent, what can Mass General Brigham on the device?
The NAC agent collects data on Windows endpoints regarding encryption, antivirus software, SCCM, Crowdstrike, and Windows Version.  For Macintosh systems, NAC checks for PEAS enrollment, encryption, antivirus software, Crowdstrike and Macintosh version . Please visit the rc.partners.org website for additional information on device compliance.

What happens to devices with IP addresses that connect to the Mass General Brigham computer network, but cannot install the NAC agent?
Exclusions are built-in for printers, iOS mobile devices, Android devices, medical equipment and Linux devices. Technicians will work with individuals to identify these assets and determine appropriate steps. Contact the
Digital Service Desk if you have such an asset.

Is there a variance request process?
To evaluate the cybersecurity risk of temporarily deviating from an existing Mass General Brigham policy or standard, you can submit a
 ISPO Cybersecurity Variance Request form.

 

Go to KB0032638 in the IS Service Desk