Network access control data
Network access control (NAC) data refers to the information generated, collected, or enforced by systems that manage and monitor which users, devices, or systems are permitted to connect to and communicate over a network. Most data points will include a timestamp, device, user, and action. It can also include the network, connection status, reason for an action, compliance status, applicable policy, and session start and end time. This data is used for access management and policy enforcement, which supports security, compliance, and operational visibility.
Network access control data is event driven and comes from the following:
- Authentication events: Device/user successfully authenticated to the network
- Access denied/quarantine events: Device denied or isolated due to non-compliance
- Network admission control logs: Entry showing device/user passed compliance and was admitted
- Policy enforcement actions: Actions taken for non-compliance (for example, quarantine)
- Connection attempts and results: Log of successful or failed network access attempts
- Session activity: Start/end times and details for a network session
- Network segmentation changes: Device moved between network segments/VLANs
Network access is managed by network infrastructure, such as firewalls, routers, switches, VPNs, and security groups.