Cisco Systems 4.2 Server User Manual


 
Glossary
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
N
NAC
Network Admission Control. NAC is a Cisco-sponsored industry initiative that uses the network
infrastructure to enforce security policy compliance on all devices seeking to access network
computing resources, thereby limiting damage from viruses and worms. NAC is part of the Cisco
Self-Defending Network, an initiative to increase network intelligence in order to enable the network
to automatically identify, prevent, and adapt to security threats.
NAC/NAP
Cisco Network Access Control/Microsoft Network Access Protection.
NAC-compliant applications
Applications that integrate with the NAC client. Examples of such applications are Cisco Security
Agent and antivirus programs that provide the NAC client with attributes about themselves, such as
the version number of a virus definition file.
NAD
Network Access Device. A network access device acts as a policy-enforcement point for the
authorized network-access privileges that are granted to a host.
NAF
Network Access Filter. A NAF is a named group of any combination of one or more of the following
network elements: IP addresses, AAA clients (network devices), and network device groups (NDGs).
Using a NAF to specify a downloadable IP ACL or Network Access Restriction based on the AAA
clients through which the user may access the network saves you the effort of listing each AAA client
explicitly.
NAP agent
A process running on a NAP client that sends SoHs or health certificates to ACS.
NAP client
A computer running Windows Vista or Windows Server 2008. NAP clients send their health
credentials as Statements of Health (SoHs) or a health certificate.
NDG
Network Device Group. A collection of network devices that act as a single logical group.
NPS
Network Policy Server. A Microsoft server that validates health certificates from NAP clients and
provides remediation instructions if needed.
P
PA
Posture Agent. An application that serves as the single point of contact on the host for aggregating
posture credentials from potentially multiple posture plug-ins and communicating with the network.
PAC
Protected Access Credential. A security credential that is used with EAP-FAST (Flexible
Authentication via Secure Tunneling). With EAP-FAST, instead of using a certificate, mutual
authentication is achieved by using a PAC, which can be managed dynamically by the authentication
server. The PAC can be provisioned (distributed one time) to the client either manually or
automatically. Manual provisioning is delivery to the client via disk or a secured network distribution
method. Automatic provisioning is an in-band, over-the-air distribution.
PDP
Policy Decision Point. Provides facilities for policy management and conditional filters.
PEP
Policy Enforcement Point. ACS acts as the policy enforcement point for policy management.