Guide to Attribute Based Access Control (ABAC) Definition and Considerations

Hu, Vincent; Ferraiolo, David; Kuhn, Richard; Schnitzer, Adam; Sandlin, Kenneth; Miller, Robert; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.SP.800-162

SP 800-162

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

Documentation Topics

Date Published: January 2014 (includes updates as of 08-02-2019)

Supersedes: SP 800-162 (02/25/2019)

Author(s)

Vincent Hu (NIST), David Ferraiolo (NIST), Richard Kuhn (NIST), Adam Schnitzer (BAH), Kenneth Sandlin (MITRE), Robert Miller (MITRE), Karen Scarfone (Scarfone Cybersecurity)

Abstract

This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information.

Keywords

access control; access control mechanism; access control model; access control policy; attribute based access control (ABAC); authorization; privilege

Control Families

Access Control

Documentation

Publication:
SP 800-162 (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
SP 800-205
NISTIR 8112
Book

Document History:
08/02/19: SP 800-162 (Final)

Topics

Security and Privacy
access authorization; access control

Information Technology Laboratory

Computer Security Resource Center

Computer Security Resource Center

SP 800-162

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

Author(s)

Abstract

Keywords

Control Families

Documentation

Topics