Cisco Exec Explains NAC Strategy Shift

"In the past year, we've moved from a purely framework approach to NAC to one that includes the framework and the NAC Appliance [formerly the Clean Access Appliance]," said John Stewart, chief security officer at Cisco, San Jose, Calif.

NAC protects corporate networks by ensuring that patches and software are up to date before allowing devices to access the network. The NAC framework is a reference architecture that combines the efforts of Cisco, Microsoft and more than 75 software partners. It relies on widespread adoption of the 802.1x authentication standard, which has yet to occur, according to Cisco.

Cisco's customers are still on board with the NAC framework, but many have embraced the NAC appliance model because they're looking for immediate, short-term results. The appliance also allows them to deploy NAC quickly—and to a degree seamlessly—without changing their network topology, Stewart said. "We've had customers ask Cisco for an interim step they can take as we work toward the NAC framework topology because it's going to take years for us to roll it out."

Another key aspect of Cisco's NAC strategy involves working with Microsoft to ensure that NAC and the Redmond, Wash.-based software giant's Network Access Protection (NAP) will work together. Cisco and Microsoft have provided few details on exactly how the interoperability will be achieved.

"We don't yet have the reference architecture that would allow us to point and say, 'Here's exactly how NAC and NAP are going to work together,' " Stewart said.

Interoperability between NAC and NAP will eventually be realized, said Chris Ellerman, national practice director for security at Dimension Data, a VAR in Reston, Va. "There are multiple ways to go about it, but in the future NAC will be implemented in the network layer and OS layer as a standard."