Published: September 20, 1993
Author(s)
David Ferraiolo (NIST), Dennis Gilbert (NIST), Nickilyn Lynch (NIST)
Conference
Name: 16th National Computer Security Conference
Dates: September 20-23, 1993
Location: Baltimore, Maryland, United States
Citation: Proceedings of the 16th National Computer Security Conference, pp. 107-116
In a cooperative effort with government and industry, the National Institute of Standards and Technology (NIST) conducted a study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors. The study was documented in NISTIR 4976, Assessing Federal and Commercial Information Security Needs. The conclusions of the study address basic security needs of IT product users, who include system developers, end users, administrators, and evaluators. Security needs were identified based on existing security organizational practices. This paper reviews the access control findings of the NIST study and explores how an expanded set of access control objectives might be applied in a variety of application environments.
In a cooperative effort with government and industry, the National Institute of Standards and Technology (NIST) conducted a study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors. The study was documented in NISTIR 4976,...
See full abstract
In a cooperative effort with government and industry, the National Institute of Standards and Technology (NIST) conducted a study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors. The study was documented in NISTIR 4976, Assessing Federal and Commercial Information Security Needs. The conclusions of the study address basic security needs of IT product users, who include system developers, end users, administrators, and evaluators. Security needs were identified based on existing security organizational practices. This paper reviews the access control findings of the NIST study and explores how an expanded set of access control objectives might be applied in a variety of application environments.
Hide full abstract
Keywords
access control objectives; access control policy; policy objectives; trusted systems
Control Families
None selected