Trusted Computing Group broadens its NAC scope

* Moving beyond pre-admission NAC to post-connect NAC

Trusted Computing Group is expanding its area of interest beyond pre-admission NAC to post-connect NAC.

The broadened scope comes in the form of a new protocol called IF-MAP, which stands for interface for meta-data access point. The protocol is intended to be spoken between security devices on networks and a meta-data access point (MAP) that receives and posts the data.

The idea is that security devices such as firewalls, intrusion detection and prevention systems, wireless controllers, configuration and change management platforms and the like, collect data that becomes more valuable if shared. A configuration change management platform could discover a shortcoming in an endpoint and post it to the MAP. An enterprise security management device might then determine that shortcoming violates security policy.

Notification of that violation posted to the MAP could trigger a firewall to block the device from the network.

If it is adopted, IF-MAP could enable gear from multiple vendors to participate in post-connect NAC. From the customer point of view such a development could mean a richer post-connect NAC scheme than a single vendor might offer. Perhaps as importantly, it could enable existing customer gear to participate in the scheme, potentially reducing the overall cost.

This protocol is brand new and no vendors have officially incorporated it in their products, but it’s an option that may materialize soon.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT