Network Access Control (NAC)

Network Access Control (NAC) is a security approach that restricts which devices can connect to your network based on their identity, security posture, and compliance status. Before a device is granted network access, NAC checks whether it meets your security requirements — is it a known device, is its antivirus current, is it properly patched, does it meet your configuration standards?

Devices that don't meet requirements can be quarantined to a restricted network segment, given limited access, or blocked entirely. NAC helps prevent unauthorized or compromised devices from connecting to your CUI environment.

Why It Matters

NAC supports CMMC requirements for controlling system access and ensuring devices meet security standards. Preventing non-compliant or unauthorized devices from accessing your CUI network is a practical way to enforce multiple access control and configuration management requirements.

Related Resources

CMMC: IA.L2-3.5.6
NIST 800-171: 3.5.6
NIST 800-53: AC-2(5)
NIST 800-53: SC-18(1)