A Critical Piece Towards TISAX Compliance
TISAX was developed by the German automotive industry and forms a critical security assessment based on key IT security aspects, including data protection and connections with third parties. Even companies that aren’t located in Germany, or that only produce a single component that is ultimately used in a German vehicle, will need to comply with TISAX.
As TISAX is relatively new, many organisations are still exploring the best approach for them to achieve compliance. It’s important to note that right now, there is no single solution that provides complete TISAX compliance; it’s only through a blended approach that companies can address all the requirements.
Network Access Control, or NAC, ensures that only authenticated users or devices can access the private company network. Once access is granted, NAC enforces policies that regulate which areas of the network users can reach, while continuously monitoring and logging their activity. NAC also enables effective and dynamic network segmentation to minimise attack surfaces and reduce the threat from malware.
It’s important to realise that full TISAX compliance requires a range of tools and processes that will ensure all the requirements are met. NAC alone will not be enough, but it’s a hugely important first piece of the puzzle.
NAC helps identify users or devices by using certificates to determine the user’s or device’s identity. It also sets validity periods through the certificate’s expiration date, traces successful and unsuccessful logins through the RADIUS server, and provides a means to revoke access through the Online Certificate Status Protocol (OCSP) or via the distribution of Certificate Revocation Lists (CRL).
NAC provides management for access rights and ensures only authorised users have access to information and IT applications. NAC solutions provide role-based access that controls who has access to which parts of your networks.
Digital certificates in NAC solutions give you choices for how cryptography is used on the certificates. For instance, it is possible to generate certificates with different cryptographic algorithms and key sizes according to the requirements.
NAC supports network segmentation and can make it more dynamic, e.g. through dynamic VLAN assignment.
Additionally, it will authorise users and devices to predefined levels of access to these environments, based on the rules that you determine.
NAC reduces the attack surface and the impact of malware attacks.
NAC does not provide direct protection against malware, but by segmenting networks you minimise the risk of viruses and malware spreading through your network.
If you have NAC in place, you will have a log of all successful and unsuccessful login attempts, giving you control over who has access to what at each moment.
By purchasing ongoing support for your NAC solution, you ensure that a version of the NAC software patched against the latest vulnerabilities is always available to you. But these upgrades also need to be installed. This can be time-consuming and, more importantly, because the NAC solution is the core authenticator on a network, upgrading could lead to an interruption of service. To comply with this requirement, it is therefore important to buy a NAC solution that allows you to quickly implement upgrades while users can still authenticate using certificates.
NAC ensures external contractors and third-party organisations are only able to access areas that they are authorised to access, even though they are not part of your company domain.
With Soliton, not only do you get access to a highly secure and user-friendly NAC, you get access to our team of experts who are available to help with technical issues to ensure your network is constantly secure. Soliton’s NAC is vendor agnostic, meaning it grows with any possible changes to the infrastructure.