It is important to understand what Network Access Control is, how does it work, and how it is being implemented in the Government.
Network Access Control
It is considered a protocol, tool, or mechanism that helps with the management of the security entry to devices that try to connect to a network. NAC is implemented to help in many security aspects such as Intrusion Detection System (IDS), Intrusion Prevention System (IPS), antivirus, host or gateway firewall, users or system authentication, and network security enforcement. One of the most important aspects to mention about NAC is that before the access it checks the security of the endpoint, and policy compliance, and after the access is granted, it controls the location and behavior.
NAC oversees two types of assessments: user authentication and device compliance evaluation. The access is controlled using predefined role-based access policies with an AAA (Authentication, Authorization, and Accounting) solution. However, technology is always evolving, NAC solutions also have grown to include guest access management, bring your own device (BYOD) management, security for IoT devices, and fingerprinting capabilities to identify the make and OS of endpoint devices. Most NAC architectures are based on 802.1x, Extensible Authentication Protocol (EAP), EAP over LAN (EAPoL), 802.11i, 802.11w, and Remote Authentication Dial-In User Service (RADIUS) protocols (Parhi, 2012).