We are excited to announce the release of our latest NIST Cybersecurity Special Publication 1800-3 Rev 2: Attribute Based Access Control. This revision of the original NCCoE practice guide is a draft, and we welcome your comments and feedback.
What’s the guide about?
Most businesses today use Role-Based Access Control (RBAC) to assign access to the network and systems based on job title or defined role. But if an employee changes roles or leaves the company, an administrator must manually change access rights accordingly—perhaps within several systems. As organizations expand and contract, partner with external entities, and modernize systems, this method of managing user access becomes increasingly difficult and inefficient.
Attribute-based access control (ABAC) offers more dynamic capabilities for greater efficiency, flexibility, scalability, and security than traditional access control methods, without burdening administrators or users.
The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), has developed an example of an advanced access control system. Our ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity, than traditional access management. It enables the appropriate permissions and limitations on the same information system to be applied to each user based on individual attributes, and allows permissions to multiple systems to be managed by a single platform, without a heavy administrative burden.
Our approach uses commercially available products that can be included alongside current products in an existing infrastructure.
The full draft practice guide is also available as a PDF download or for viewing on the web.
We look forward to receiving your comments on the second draft guide—the approach, the architecture, and possible alternatives.
The comment period is open through October 20, 2017. Comments will be made public after review and can be submitted anonymously. Submit comments online or via email to abac-nccoe@nist.gov.