A technology to restrict device access to a network based on identity or compliance. In practice, NAC often means only devices with certain credentials or security posture can connect (like 802.1X port authentication, where a switch only lets a device onto the network if it provides the right certificate or credentials). In OT, NAC can be used to prevent unauthorized laptops from plugging into a control network port. However, NAC solutions can be tricky in ICS (older devices may not support fancy auth, and you don’t want to accidentally lock out a critical asset), so they are used with care.
