Compliance Enforcement; Automated And Manual Repair - HP ProCurve NAC 800 User Manual

Introduction
Overview
1-12
Rapid testing and robust endpoint management – Thousands of
■
endpoints can be tested and managed simultaneously.
■ Continual testing – Endpoints are retested on an administrator-
defined interval as long as they remain connected to the network.

Compliance Enforcement

Based on endpoint test results, NAC 800 takes the appropriate action. End-
points that test compliant with the applied policy are permitted access. Non-
compliant endpoints are either quarantined, or are given access for a tempo-
rary period. Implement the necessary fixes during this period.
Key features include:
■ Flexible enforcement options – Grant or quarantine access criteria is
designated by the administrator and driven by the criticality of
selected tests and corporate security standards.
■ Manual overrides – Administrators can retest, quarantine, or grant
access to endpoints on demand.
User notifications – Users of non-compliant endpoints receive imme-
■
diate notification about the location of the endpoint deficiencies, as
well as step-by-step information about implementing the corrections
to achieve compliance.
Administrator notifications – Administrators receive a variety of noti-
■
fications and alerts based on testing and access activity.
Graduated enforcement – Allows controlled system rollout.
■

Automated and Manual Repair

■ Self-remediation – End-users are notified of where their endpoints are
deficient and provided with remediation instructions.
Access "grace period" – Non-compliant endpoints are granted access
■
for a temporary, administrator-defined period to facilitate remedia-
tion.
■ Patch Management – NAC 800 can integrate with patch manage-
ment software, automating the process to get an endpoint updated
and on the network.