SP 1800-3 (Draft)

Attribute Based Access Control

Date Published: September 2015
Comments Due: December 4, 2015 (public comment period is CLOSED)
Email Questions to: abac-nccoe@nist.gov

Author(s)

William Fisher (NIST), Norm Brickman (MITRE), Santos Jha (MITRE), Sarah Weeks (MITRE), Ted Kolovos (MITRE), Prescott Burden (MITRE)

Editor(s)

Leah Kauffman (NIST)

Announcement

NIST requests public comments on Draft NIST Cybersecurity Practice Guide 1800-3, Attribute Based Access Control.

Most businesses today use Role Based Access Control (RBAC) to assign access to networks and systems based on job title or defined role. But if an employee changes roles or leaves the company, an administrator must manually change access rights accordingly, perhaps within several systems. As organizations expand and contract, partner with external vendors or systems, and modernize systems, this method of managing user access becomes increasingly difficult and inefficient.

To help address this growing cybersecurity challenge and support the next generation of identity management, security engineers at the National Cybersecurity Center of Excellence (NCCoE) developed a reference design for an Attribute Based Access Control (ABAC) system. ABAC is an advanced method for managing access rights for people and systems connecting to networks and assets, offering greater efficiency, flexibility, scalability, and security. In fact, Gartner recently predicted that "by 2020, 70% of enterprises will use attribute-based access control...as the dominant mechanism to protect critical assets, up from less than 5% today."

This newly available practice guide provides IT and security engineers with critical information they can use to recreate the example solution with the same or similar technologies. Our solution is guided by NIST standards and industry best practices.

Abstract

Keywords

authentication; authorization; identity federation; identity management; identity provider; attribute provider; relying party; access management; access control

Control Families

Access Control; Identification and Authentication

Documentation

Publication:
Draft SP 1800-3 files

Supplemental Material:
NIST news (other)

Document History:
09/29/15: SP 1800-3 (Draft)
09/20/17: SP 1800-3 (Draft)

Topics

Security and Privacy
authentication