18.5. Policy Enforcement Point

The Policy Enforcement Point (PEP) is the piece of network or security equipment that controls user access and ensures the authorization decision made by the Policy Decision Point (PDP).

In some NAC implementations, the PDP is a wired switch or wireless access point. In others, it's a firewall, IPS, server, or inline appliance. Depending on the implementation, the PEP and PDP can either be standalone devices or consolidated into a single device.