Friday Sep 22
Mar
11/10
Making NAC Standard Progress: IETF accepts two TNC specs
Updated on Saturday, 28 January 2012 06:36
Share

I’m excited to share with you this press released, jointly announced by TNC and IETF. Internet Engineering Task Force Publishes Network Access Control Standards Based on Trusted Computing Group Specifications. Keep reading to find out exactly what this means.

The roles of TNC and IETF
As many of you know from my posts and talks, I always distinguish between frameworks and standards. TNC is a consortium that created a framework for NAC communications and endpoint checks. Many vendors have already bought in to the TNC specifications, but there have been a few holding out; Cisco being the largest and most influential. Strangely enough, Cisco wanted to have a standard in place, versus a less formal framework. Ironic, I know. In any event, the IETF (in the form of IETF’s NEA) has been trying to fill that gap of true NAC standards. The problem has been that, although vendors said “yes” to the IETF standards, no one was contributing any new specifications for it. Here’s where TNC reenters the picture. Slowly but surely, the IETF has been adopting the TNC’s frameworks as accepted specs for the standards.

The importance of this announcement
Today’s news demonstrates one more big step in the right direction for TNC, IETF and all the vendors participating. With the acceptance of two more TNC specifications into the IETF standard, we can expect to round out the full IETF NAC Standard by the close of 2010. With a full set of standards, vendors will be able to offer scalable, evolving solutions that integrate more seamlessly with the rest of the infrastructure. Exciting, isn’t it!?

The announcement begins

Internet Engineering Task Force Publishes Network Access Control Standards Based on Trusted Computing Group Specifications

PORTLAND, MARCH 11, 2010 – Trusted Computing Group today announced that two specifications created by its Trusted Network Connect (TNC) work group have been accepted and published as specifications by the Internet Engineering Task Force (IETF). This means that developers and OEMs wanting to create network access control products now will have a single set of standards to support.
“Enterprise users are the real winners; the agreement on a single standard for network access control and endpoint assessment will provide consistency across products from leading networking vendors,” said Russ Housley, chairman of the IETF.

Noted Steve Hanna, co-chairman of the TCG TNC work group and of the IETF working group on this topic, “This industry-wide agreement on standards will increase the number of vendors and customers adopting standards-based network security. In addition, products developed for the new standards can be deployed with the many existing products using TNC specifications to protect the network and critical assets from a myriad of threats.”

The first standard (called PB-TNC by the IETF and IF-TNCCS 2.0 by the TCG) defines a standard way to perform a health check of a network “endpoint” such as a laptop computer or printer. If the endpoint is not healthy, it can be fixed or have its network access restricted. The second standard (called PA-TNC by the IETF and IF-M 1.0 by the TCG) defines a standard set of health checks that are commonly performed, such as checking anti-virus status. These newest standards are based on the TNC standards that customers have been using for years.
continued

You can read the full press release online at: http://www.trustedcomputinggroup.org/media_room/news/113

Look for more information and content soon about TCG’s TNC, IETF and NAC standards, including a video interview with TNC’s Steve Hanna.

Resources and links:

 # # #


1 Comment
  1. CommentsMore on the IETF publishing the TNC specifications | Blog of Trust   |  Saturday, 20 March 2010 at 12:47 pm

    […] got the above image from an article on Security Uncorked about the IETF publishing the TNC specs. I hope she doesn’t mind me borrowing her […]


Leave a Reply