Companies in the financial services sector can use the Access Rights Management NIST Cybersecurity Practice Guide to coordinate and automate updates to, and improve, user access to information across an organization. Access Rights Management will be explored further in the NCCoE Zero Trust Architecture Project.
The NCCoE developed an access rights management (ARM) system that executes and coordinates changes across the enterprise ARM systems to change the employee’s access for all data and systems quickly, simultaneously, and consistently, according to corporate access policies. The example implementation provides timely management of access changes and reduces the potential for errors. It also enhances directory security. Generally, an ARM system enables a company to give the right person the right access to the right resources at the right time. The ARM reference design and example implementation are described in this NIST Cybersecurity “Access Rights Management” Practice Guide.
The reference design allows a company to execute changes and coordinate employee access to data and systems quickly, simultaneously, and consistently—and in accordance with corporate access policies and industry regulations.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.