Don't assume that the significant amount of news being made by network access control (NAC) vendors -- such as deals between Bradford Networks and Network Engines and Meru and several partners -- means that the category has found its legs.
It may sound a bit strange, but as NAC platforms roll out there still is confusion over what precisely the category is. Perhaps that's why the writer of this eWeek piece decided that it was necessary to include a definition of the technology in a story that, presumably, is being read by people who know something about the topic.
NAC determines which user devices (referred to as end points in this context) are allowed into which nooks and crannies of the corporate network. It does this by assessing if the individual using the device is the legitimate user and whether he or she has the right under the organization's policies to do what they are attempting.
NAC systems also assess whether the end point device is up to snuff. Viruses or spyware may be detected, for instance, or it may be determined that antivirus definitions are not up to date. If the device doesn't satisfy these or other requirements, it is shunted off to a designated area for remediation.
A big issue in the maturation of NAC is standardization. Even in the best of circumstances, standardization is a long and circuitous quasi-political exercise in which as much -- or even more -- attention is paid to corporate agendas as to choosing the best technology.
We can't imagine the process of NAC standardization being any different. If anything, it will be harder due to the broad nature of the category. Descriptions of NAC devices suggest it is a framework into which various types of functionality can be plugged as they are needed. While this flexibility may make the standards process more cumbersome, it also is why so many people are excited by the approach.