New Revision to NIST Cybersecurity Practice Guide: "Attribute Based Access Control"

We are excited to announce the release of our latest NIST Cybersecurity Special Publication 1800-3 Rev 2: Attribute Based Access Control. This revision of the original NCCoE practice guide is a draft, and we welcome your comments and feedback.

The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), has developed an example of an advanced access control system. Our ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity than traditional access management. It enables the appropriate permissions and limitations for the same information system for each user based on individual attributes and allows for permissions to multiple systems to be managed by a single platform, without a heavy administrative burden.

Our approach uses commercially available products that can be included alongside current products in an existing infrastructure.

The full draft practice guide is also available for download in PDF or web viewing.

We look forward to receiving your comments on the second draft guide—the approach, the architecture, and possible alternatives.

Stay informed about updates, send us an email at abac-nccoe@nist.gov.