For years, TCG and IETF have been working together to create a complete set of Network Access Control (NAC) standards recognized and approved by both groups. This week, we achieved that goal.

IETF has released RFC 7171 (PT-EAP) and TCG has released IF-T/EAP 2.0. These two documents are entirely equivalent and interchangeable. The only difference is the name. These documents complete the set of NAC standards, which IETF calls the NEA standards and TCG calls the TNC standards.

Why care?

In the past, NAC products have implemented a mish-mash of open standards and proprietary protocols. Interoperability was spotty. Now that the NAC standards are complete and recognized by both standards bodies (IETF and TCG), we should be able to move toward increased interoperability.

How can I get more interoperability?

TCG has created a TNC Certification Program that verifies compliance with the TCG NAC specifications and interoperability with other compliant products. Customers should ask their NAC vendors and endpoint vendors if their products have been certified through this program. If not, ask when they will be.

What’s next for NAC standards?

Now that we have a complete set of NAC standards, TCG is building on that solid base. We have defined specifications for several optional extensions. The PTS Protocol supports secure software integrity checks (e.g. verifying BIOS or OS integrity). SCAP Messages for IF-M handles configuration checks using the SCAP standards. And SWID Messages for IF-M does software inventory using the SWID standard.

What if I have questions?

If you have questions about the TNC/NEA standards, email[email protected].