FAQ: Network Access Control (NAC)

What is Network Access Control (NAC)?
Network Access Control (NAC) is a mechanism that ensures device trust before allowing device access to a secure network.

What is the SecureConnector Network Access Control (NAC) agent?
A NAC agent is an application installed on a device to allow visibility into policy compliance of that device when connecting to the Partners Network. The current agent used at Partners is called SecureConnector.

Why is NAC implemented now?
NAC is implemented as part of efforts to assure clean and stable computers and prevent malware or ransomware infections, several strategies will be implemented over the next several months to improve the security of our environment.

With the NAC agent, what can Partners see on the device?
The NAC agent collects data on the device regarding encryption, antivirus software, patch compliance. For Macintosh systems, NAC checks for PEAS enrollment. Please visit the Knowledge Base for additional information on device compliance.

What devices have the SecureConnector Network Access Control (NAC) agent?
SecureConnector is already installed on most Partners standard Windows workstations and some PEAS-enrolled Macs. Mobile devices, such as phones or tablets, and Linux computers are exempt at this time.

A Linux agent is available for testing at this time. Visit https://rc.partners.org/SecureConnector to install.

The requirements include encryption, antivirus software, and patches. 

How can I tell if I have the SecureConnector Agent installed on my computer?
Open your Applications folder and search for ForeScout SecureConnector. 

How do I get the SecureConnector Network Access Control (NAC) agent?
If you do not find ForeScout SecureConnector in your list, you may visit this website to install: https://rc.partners.org/SecureConnector. If you are enrolled in PEAS, you can simply open Self Service and install ForeScout SecureConnector.

What types of devices will require the SecureConnector Network Access Control (NAC) agent to connect to the Partners network?
Any device running a Macintosh, Windows or Linux Operating System (OS) will require the SecureConnector agent to connect to the Partners network. This includes devices connecting to the network using VPN.

How will SecureConnector Network Access Control (NAC) agent be installed on other assets with IP addresses that rely on the network?
Technicians will work with individuals to identify these assets and install the SecureConnector agent on devices that are capable. Additional, physical discovery will be conducted in collaboration with IS technicians. Contact the IS Service Desk if you have such an asset.

What happens to devices with IP addresses that connect to the Partners network, but cannot install the NAC agent?
Exclusions are built-in for printers, iOS and Android devices. Technicians will work with individuals to identify these assets and determine appropriate steps. Contact the IS Service Desk if you have such an asset.

Is there a variance request process?
To evaluate the cybersecurity risk of temporarily deviating from an existing Partners policy or standard, you can submit a ISPO Cybersecurity Variance Request Form.

 


Related articles