Introduction
Overview
1-12
Compliance Enforcement
Based on endpoint test results, NAC 800 takes the appropriate action. End-
points that test compliant with the applied policy are permitted access. Non-
compliant endpoints are either quarantined, or are given access for a tempo-
rary period. Implement the necessary fixes during this period.
Key features include:
■
Flexible enforcement options – Grant or quarantine access criteria is
designated by the administrator and driven by the criticality of
selected tests and corporate security standards.
Manual overrides – Administrators can retest, quarantine, or grant
■
access to endpoints on demand.
■
User notifications – Users of non-compliant endpoints receive imme-
diate notification about the location of the endpoint deficiencies, as
well as step-by-step information about implementing the corrections
to achieve compliance.
Administrator notifications – Administrators receive a variety of noti-
■
fications and alerts based on testing and access activity.
■
Graduated enforcement – Allows controlled system rollout.
Automated and Manual Repair
■
Self-remediation – End-users are notified of where their endpoints are
deficient and provided with remediation instructions.
Access "grace period" – Non-compliant endpoints are granted access
■
for a temporary, administrator-defined period to facilitate remedia-
tion.
Targeted Reporting
NAC 800 reports provide concise security status information on endpoint
compliance and access activity. Specific reports are available for auditors,
managers, and IT staff members.
For more information, see "Reports" on page 12-1.