- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - The Trusted Computing Group and the National Institute of Standards and Technology Tuesday joined to give their blessing to the union of two technologies that each have championed: TCG with its network-access control standard called Trusted Network Connect, and NIST with its desktop-security configuration standard called the Security Control Automation Protocol.
SCAP, implemented in over 35 products approved under NIST certification, is required by use in the federal government under what's known as the Federal Desktop Core Configuration mandate to ensure security configuration and evaluation. TNC is an open standards-based network-access control method for determining the "health" of an endpoint based on a set of possible criteria before allowing it onto the network. How SCAP and TNC might work together, or whether they should, had long been debated in tech circles. But NIST and TCG today backed marrying the two in deployments.
"Working together, NIST and the TCG have integrated the Security Content Automation Protocol developed by NIST and Trusted Network Connect (TNC) standards developed by TCG to provide a powerful combination of automated compliance management and network access and enforcement," stated a white paper published Tuesday on the topic and posted on the TCG Web site.
"Automating and integrating security management with these standards reduces expensive manual intervention and frees security experts to focus on other more complex information security issues," the TCG/NIST document states.
Steve Hanna, Juniper distinguished engineer who has been active in TCG standards development, says the question of how or if TCN and SCAP could work together was a topic of a meeting earlier in June with representatives from NIST and TCG.
"Do they work together or not?" was the main question, Hanna says, and the answer issued officially Tuesday is "yes."
However, it will still all take some "glue code" to show how that will work, he says. Some pilots have begun already, and Juniper itself is working to integrate its TNC with SCAP-based products.
"The standards TNC and SCAP are quite complementary though they were developed independently," Hanna says. "SCAP is about the endpoint and how you manage it. One of the things TNC does is identify unhealthy machines and quarantine them."
Uniting TNC with SCAP to work together would introduce new options for compliance checking and network enforcement to do SCAP-based checking, Hanna concludes.
Read more about security in Network World's Security section.