NIST blesses network access, desktop security

Trusted Computing Group and the National Institute of Standards and Technology agree on standards

The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol.

The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing  to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol.

Security absurdity: U.S. in sensitive information quagmire

SCAP, implemented in over 35 products approved under NIST certification, is required by use in the federal government under what's known as the Federal Desktop Core Configuration mandate to ensure security configuration and evaluation. TNC is an open standards-based network-access control method for determining the "health" of an endpoint based on a set of possible criteria before allowing it onto the network. How SCAP and TNC might work together, or whether they should, had long been debated in tech circles. But NIST and TCG today backed marrying the two in deployments.

"Working together, NIST and the TCG have integrated the Security Content Automation Protocol developed by NIST and Trusted Network Connect (TNC) standards developed by TCG to provide a powerful combination of automated compliance management and network access and enforcement," stated a white paper published Tuesday on the topic and posted on the TCG Web site.

"Automating and integrating security management with these standards reduces expensive manual intervention and frees security experts to focus on other more complex information security issues," the TCG/NIST document states.

Steve Hanna, Juniper distinguished engineer who has been active in TCG standards development, says the question of how or if TCN and SCAP could work together was a topic of a meeting earlier in June with representatives from NIST and TCG.

"Do they work together or not?" was the main question, Hanna says, and the answer issued officially Tuesday is "yes."

However, it will still all take some "glue code" to show how that will work, he says. Some pilots have begun already, and Juniper itself is working to integrate its TNC  with SCAP-based products.

"The standards TNC and SCAP are quite complementary though they were developed independently," Hanna says. "SCAP is about the endpoint and how you manage it. One of the things TNC does is identify unhealthy machines and quarantine them."

Uniting TNC with SCAP to work together would introduce new options for compliance checking and network enforcement to do SCAP-based checking, Hanna concludes.

Learn more about this topic

NIST and Trusted Computing Group White Paper on combining TNC and SCAP

Trusted Computing Group outlines how TNC and SCAP can be integrated

Juniper NAC: Powerful, complex

Feds racing to lock down Windows PCs
Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies