U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 1800-3 (2nd Public Draft)

Attribute Based Access Control

Date Published: September 2017
Comments Due: October 20, 2017 (public comment period is CLOSED)
Email Questions to: abac-nccoe@nist.gov

Planning Note (07/22/2022): NIST has ceased further development of this draft publication.

Author(s)

William Fisher (NIST), Norm Brickman (MITRE), Prescott Burden (MITRE), Santos Jha (MITRE), Brian Johnson (MITRE), Andrew Keller (MITRE), Ted Kolovos (MITRE), Sudhi Umarji (MITRE), Sarah Weeks (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) has developed an example of an advanced access control system (ABAC). This ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity than traditional access management. It enables the appropriate permissions and limitations for the same information system for each user based on individual attributes, and allows for permissions to multiple systems to be managed by a single platform, without a heavy administrative burden.

This approach uses commercially available products that can be included alongside current products in an existing infrastructure. The full draft practice guide is also available for download in PDF or web viewing.

The NCCoE team looks forward to receiving your comments on the second draft guide—the approach, the architecture, and possible alternatives. The comment period is open through October 20, 2017. Comments will be made public after review and can be submitted anonymously.

Abstract

Keywords

identity federation; identity management; identity provider; relying party; access control; access management; attribute provider; authorization; authentication
Control Families

Access Control; Identification and Authentication

Documentation

Publication:
Second Draft SP 1800-3

Supplemental Material:
None available

Document History:
09/29/15: SP 1800-3 (Draft)
09/20/17: SP 1800-3 (Draft)