Trusted Computing Group, which developed a body of NAC standards that are the framework for the NAC standards being weighed by the IETF, has centralized resources for developers of the Trusted Platform Module (TPM), hardware that can make certain types of NAC more secure.
The resource page includes links to specifications for TPM and white papers on how the technology might be put to use in corporate environments.
While TPM has been shipped in thousands and thousands of PCs, there has been no real adoption of it in NAC platforms, where it could free endpoint-based enforcement from criticism that it is too weak.
The argument goes that endpoints that are asked to report on their own security state can be made to lie by malware that may infect them. TPM can get around the problem by storing a hash of the last known safe state of the device and comparing that to a hash of the device as it boots up.
A recent blog post by Lisa Lorenzin, a member of the Trusted Computing Group who works for Juniper Networks, says that legitimate objections to TPM exist. One she details is that the sheer number of dlls, drivers and services that load on machines when they boot up makes TPM unwieldy.
The counterargument is that additional standards have been developed to address the point.
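The boot-state comparison described above, and the "too many components" objection, as an added example that is not part of the article or of any TCG specification: a simplified model of TPM measured boot in which each boot component is hashed into a Platform Configuration Register and the final value is checked against a stored known-good value. The component names and the golden value are constructed for the example.

```python
import hashlib

# Simplified model of TPM measured boot (added example, not from the article).
# Each boot component is hashed and "extended" into a Platform Configuration
# Register: PCR = SHA-256(PCR || measurement). The final PCR value is the
# "hash of the device as it boots"; the stored golden value is the "last
# known safe state". Component names below are constructed samples.

PCR_INIT = b"\x00" * 32

def measure(component: bytes) -> bytes:
    """Measurement of one boot component: its SHA-256 digest."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: the register is only ever updated by hashing its current
    value with the new measurement, so a later component (or malware loaded
    after boot) cannot erase what earlier measurements recorded."""
    return hashlib.sha256(pcr + measurement).digest()

def boot_pcr(components) -> bytes:
    """Run the measured-boot chain over an ordered list of components."""
    pcr = PCR_INIT
    for blob in components:
        pcr = extend(pcr, measure(blob))
    return pcr

def attest(components, golden_pcr: bytes) -> bool:
    """The check a NAC policy server would make on the reported boot state:
    does the measured value match the recorded known-good value?"""
    return boot_pcr(components) == golden_pcr

# Constructed sample boot chain: bootloader, kernel, driver, service.
KNOWN_GOOD = [b"bootloader-v1", b"kernel-v1", b"netdrv.sys-v1", b"agent.exe-v1"]
GOLDEN = boot_pcr(KNOWN_GOOD)
# One driver replaced: the final PCR no longer matches.
TAMPERED = [b"bootloader-v1", b"kernel-v1", b"netdrv.sys-evil", b"agent.exe-v1"]
# Same components loaded in a different order: also a mismatch, which is the
# unwieldiness objection (every dll, driver, service and its load order
# must be captured in the reference value).
REORDERED = [b"bootloader-v1", b"netdrv.sys-v1", b"kernel-v1", b"agent.exe-v1"]

if __name__ == "__main__":
    print("known good:", attest(KNOWN_GOOD, GOLDEN))  # True
    print("tampered:  ", attest(TAMPERED, GOLDEN))    # False
    print("reordered: ", attest(REORDERED, GOLDEN))   # False
```

The reordered case is why a single golden value is brittle on real machines: any legitimate change to what loads, or in what order, produces a mismatch unless the reference set is maintained.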
Developers should take a look at this resource page to see whether it can shake loose ideas on how to make TPM practicable as a way to secure endpoint enforcement of NAC. If endpoint enforcement were made more secure in this way, a major objection to it would be removed.
Tim Greene is senior editor at Network World.