I can see that NAC Certified devices can be cleared manually, or after a timer has expired. However, I want to know if the Certified device posture can be automatically re-assessed periodically. For example, one of my checks is to ensure AV is running. If the user of that machine disables AV, will the machine be removed from the certified device list and the end user warned?
My understanding is that, no, this will not happen. On NAC deployments that I have been involved with, I've set a periodic timer to clear the certified devices list every so often, usually in the middle of the night.