U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Risk Adaptive (Adaptable) Access Control

Abbreviation(s) and Synonym(s):

RAdAC

Definition(s):

  In RAdAC, access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.
Source(s):
NIST SP 800-95 under Risk-Adaptive Access Control (RAdAC) from TAT-06284

  A form of access control that uses an authorization policy that takes into account operational need, risk, and heuristics.
Source(s):
CNSSI 4009-2015 under risk adaptable access control (RAdAC)

  Access privileges are granted based on a combination of a user’s identity, mission need, and the level of security risk that exists between the system being accessed and a user. RAdAC will use security metrics, such as the strength of the authentication method, the level of assurance of the session connection between the system and a user, and the physical location of a user, to make its risk determination.
Source(s):
NIST SP 800-160 Vol. 2 Rev. 1 under risk-adaptive access control from NIST SP 800-95