Senior Editor Tim Greene clarifies issues surrounding the evolving NAC security architecture.
A panel of NAC experts at Interop gave a broad overview of the status of the technology, which it declared mature, meaning that most vendors have a way to deal with devices that can't support a NAC client or per-session agent and support 802.1x enforcement.
The panel also said the next generation of NAC will pull in other security systems such as IDS, VPN, antivirus and firewalls to share the data they collect and use it to make policy-enforcement decisions. In addition, unified management of NAC and these other systems will be developed over time to enable a single administrator to draw on all the platforms at once to isolate incidents.
Since its inception, the expectations about what NAC can do have expanded from checking the security posture of a device to providing broad visibility into what each device is doing on the network and whether that complies with policies.
This capability is being developed to assign least privileges to end users, that is, granting them access to just those resources they need to do their jobs and nothing else, members of the panel said.
Coming down the pike are industry-specific applications of NAC that, they say, tie in with existing infrastructure in manufacturing or financial industries to meet their unique access control needs.
The panel seemed to agree that NAC standards from the IETF will be readily incorporated into today’s NAC products that comply with the standards put out by Trusted Computing Group (TCG). The IETF is working on a set of standards that will be more broadly accepted - which pretty much means that Cisco will comply with them - and should be ready sometime next year.
The IETF standards amount to TCG standards that have undergone tweaking, so bringing TCG-compliant standards into compliance with IETF standards should be relatively painless, the panel said.
Tim Greene is senior editor at Network World.
Comments (1)
NAC
By realvillain on September 23, 2008, 4:05 pm
ROFL So this panel of 'NAC experts' are saying it's mature yet admit that primary features such as: least privilege provisioning, unified management. So not only...