Network access control has come to refer to technology that enables enterprises to enforce security policies on endpoints connected to their networks. An enterprise security policy, for example, might require endpoints to have up-to-date security patches and antivirus tools, or prevent the use of applications such as peer-to-peer file sharing or instant messaging.
NAC endpoint security policies can be verified only by scanning the endpoint for compliance from the inside. This process involves taking measurements on the endpoint, such as file versions or checksums, and comparing them against reference values. But to keep up with antivirus vendors updating their signatures, or operating system vendors issuing new security patches, the database of reference values can change almost daily. Clearly, a certain amount of infrastructure is needed to support all of these NAC moving parts.
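The comparison described above, as an added example that is not part of the original article or of any NAC product: measurements (a version and a checksum) are checked against a reference database, and changing only that database changes the verdict for the same endpoint. The schema, item names, verdict strings and sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Reference:
    """Reference values for one policy item (hypothetical schema)."""
    min_version: Optional[tuple] = None     # lowest acceptable version
    sha256: Optional[frozenset] = None      # acceptable file checksums

def measure(name, version, content=b""):
    """Measurement as an endpoint agent might report it: version plus checksum."""
    return {"name": name,
            "version": tuple(int(p) for p in version.split(".")),
            "sha256": hashlib.sha256(content).hexdigest()}

def assess(measurements, references):
    """Compare measurements to reference values; return (verdict, failures)."""
    by_name = {m["name"]: m for m in measurements}
    failures = []
    for name, ref in references.items():
        m = by_name.get(name)
        if m is None:
            failures.append((name, "not measured"))  # missing data fails closed
            continue
        if ref.min_version is not None and m["version"] < ref.min_version:
            failures.append((name, "version below reference"))
        if ref.sha256 is not None and m["sha256"] not in ref.sha256:
            failures.append((name, "checksum mismatch"))
    return ("compliant" if not failures else "noncompliant"), failures

# Constructed sample data (not real product versions or files).
ENGINE = b"constructed antivirus engine binary"
REFERENCES = {
    "av_engine": Reference((4, 2, 0), frozenset({hashlib.sha256(ENGINE).hexdigest()})),
    "av_signatures": Reference(min_version=(5120,)),
}
ENDPOINT = [measure("av_engine", "4.2.1", ENGINE), measure("av_signatures", "5120")]

if __name__ == "__main__":
    print(assess(ENDPOINT, REFERENCES))                  # passes against today's references
    # The vendor ships new signatures: only the reference database changes.
    updated = dict(REFERENCES, av_signatures=Reference(min_version=(5121,)))
    print(assess(ENDPOINT, updated))                     # same endpoint now fails
    print(assess([measure("av_engine", "4.2.1", ENGINE + b"!")], REFERENCES))
```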
Multiple vendors offer what appear to be comparable NAC solutions, but none are interoperable. This makes NAC a strong candidate for standardization. Last fall, the IETF chartered the Network Endpoint Assessment (NEA) Working Group to standardize the protocols common to a number of NAC infrastructure architectures, such as Network Access Protection from Microsoft, Cisco Network Admission Control and Trusted Network Connect from the Trusted Computing Group, with the goal of promoting interoperability.