Configuring Endpoint Security (Client-Side) Using F5 Access Policy Manager (APM)
Outstanding feedback, Ollo1, thank you. As you read, the requirement for this made-up organization was to provide a NAC solution. NAC can include a broad range of access controls. Maybe wiki can provide the answer you are looking for. This is not an F5 requirement but rather an organizational requirement. F5 doesn't require NAC; it was the decision of the cyber team to require client-side checks. Below is an overview of NAC from wiki. Hope this helps.
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy that describes how to secure access to network nodes by devices when they initially attempt to access the network. NAC might integrate the automatic remediation process (fixing non-compliant nodes before allowing access) into the network systems, allowing the network infrastructure such as routers, switches and firewalls to work together with back office servers and end user computing equipment to ensure the information system is operating securely before interoperability is allowed. A basic form of NAC is the 802.1X standard.
Network Access Control aims to do exactly what the name implies—control access to a network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do.
Example

When a computer connects to a computer network, it is not permitted to access anything unless it complies with a business-defined policy, including anti-virus protection level, system update level and configuration. While the computer is being checked by a pre-installed software agent, it can only access resources that can remediate (resolve or update) any issues. Once the policy is met, the computer is able to access network resources and the Internet, within the policies defined within the NAC system. NAC is mainly used for endpoint health checks, but it is often tied to Role-based Access. Access to the network will be given according to the profile of the person and the results of a posture/health check. For example, in an enterprise the HR department could access only HR department files if both the role and the endpoint meet anti-virus minimums.
Goals of NAC

Because NAC represents an emerging category of security products, its definition is both evolving and controversial. The overarching goals of the concept can be distilled as:

Mitigation of non-zero-day attacks

Authorization, Authentication and Accounting of network connections.

Encryption of traffic to the wireless and wired network using protocols for 802.1X such as EAP-TLS, EAP-PEAP or EAP-MSCHAP.

Role-based controls of user, device, application or security posture post authentication.

Automation with other tools to define network role based on other information such as known vulnerabilities, jailbreak status etc.

The main benefit of NAC solutions is to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.

Policy enforcement: NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.

Identity and access management: Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.
https://en.wikipedia.org/wiki/Network_Access_Control
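
The pre-admission posture check and role-based access described in the overview above, as an added Python example that is not part of the original comment and is not F5 APM code. The policy thresholds, role names and resource names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed business policy: the minimums an endpoint must meet before admission.
POLICY = {"max_av_signature_age_days": 7, "min_patch_level": (2024, 5), "require_firewall": True}

# Constructed role map for post-admission control (role -> reachable resources).
ROLE_RESOURCES = {"hr": {"hr-files"}, "engineering": {"source-repo", "build-farm"}}

# While non-compliant, an endpoint reaches only the hosts that can fix it.
REMEDIATION_RESOURCES = {"av-update-server", "patch-server"}

@dataclass
class Posture:
    """What the pre-installed agent reports about the endpoint."""
    av_signature_date: date
    patch_level: tuple  # (year, month) of the last applied update bundle
    firewall_enabled: bool

def failed_checks(p: Posture, today: date) -> list:
    """Return the names of the policy checks this posture report fails."""
    failures = []
    if (today - p.av_signature_date).days > POLICY["max_av_signature_age_days"]:
        failures.append("antivirus")
    if p.patch_level < POLICY["min_patch_level"]:
        failures.append("system-update")
    if POLICY["require_firewall"] and not p.firewall_enabled:
        failures.append("configuration")
    return failures

def admit(role: str, p: Posture, today: date) -> dict:
    """Pre-admission decision: quarantine on any failure, else role-scoped access."""
    failures = failed_checks(p, today)
    if failures:
        return {"state": "quarantine", "allowed": REMEDIATION_RESOURCES, "fix": failures}
    # Unknown roles get no resources (default deny) even with a healthy endpoint.
    return {"state": "admitted", "allowed": ROLE_RESOURCES.get(role, set()), "fix": []}

def can_access(decision: dict, resource: str) -> bool:
    """Post-admission control: every request is checked against the decision."""
    return resource in decision["allowed"]

if __name__ == "__main__":
    today = date(2024, 6, 10)  # constructed evaluation date
    stale = Posture(date(2024, 5, 1), (2024, 5), True)  # constructed report
    print(admit("hr", stale, today))
```
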