Risk Adaptive (Adaptable) Access Control

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Abbreviation(s) and Synonym(s):

Definition(s):

  In RAdAC, access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.
Source(s):
NIST SP 800-95 under Risk-Adaptive Access Control (RAdAC) TAT-06284

  A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics.
Source(s):
CNSSI 4009-2015 under risk adaptable access control (RAdAC)

  Access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.
Source(s):
NIST SP 800-160 Vol.2 under risk-adaptive access control

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

Risk Adaptive (Adaptable) Access Control

Glossary Comments