U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

This is an archive
(replace .gov by .rip)

SP 800-204B

Attribute-based Access Control for Microservices-based Applications using a Service Mesh

Date Published: August 2021


Ramaswamy Chandramouli (NIST), Zack Butcher (Tetrate), Aradhna Chetal (TIAA)



attribute-based access control; authentication policy; authorization policy; CI/CD; DevSecOps; JSON web token; microservices-based application; mutual TLS; next generation access control; policy enforcement point; role-based access control; service mesh; service proxy; zero trust
Control Families

None selected


SP 800-204B (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
SP 800-204
SP 800-204A

Document History:
01/26/21: SP 800-204B (Draft)
08/06/21: SP 800-204B (Final)