Recently, a NAC customer said the technology does well performing one of its primary functions - the often cited, access control for guests - and that was the primary reason they bought NAC.

But when it came to deployment involving full-time employees using managed, corporate-issued machines, the motivation shifted. Yes, the customer wanted to control access and screen endpoints for compliance with the business’ desktop/laptop configuration posture, and NAC would do that.

But the customer also was faced with meeting regulatory requirements, which in part, called for verifying that access policies are enforced, shortcomings of endpoints are remediated, and logs of user activity can stand up to regulatory audits.

Many NAC products can provide these functions even though they are not specifically designed to wrestle with regulators’ demands, and many NAC customers are putting the gear into this role. (Compare NAC products)

Potential customers of NAC should recognize this additional usefulness of the product, and if it is interesting to them, they should make these capabilities part of their product-evaluation check list.

Some of these regulatory requirements can be met using other products outside of NAC, in some cases products they already have. A growing body of NAC customers find that in addition to their primary reasons for deploying NAC they like the way it can backstop other safeguards.

For instance, application management software that updates endpoints with the latest version updates and patches should be taking care of corporate endpoint-posture policies. But NAC can double check that the updates administrators intended to reach endpoints actually got there.

As one customer put it, it’s a way to validate against other validation tests.

Tim Greene is senior editor at Network World.