Email this Article Email   

CHIPS Articles: NIST Announces Attribute Considerations for Access Control Systems

NIST Announces Attribute Considerations for Access Control Systems
By CHIPS Magazine - February 20, 2019
As many organizations explore options for cyber-secure multifactor access, the National Institute for Standards and Technology released Draft Special Publication 800-205 which describes the attribute-influencing factors that an access control system must address when engineering and evaluating attributes. The document expands upon NIST’s NIST SP 800-162, Guide to Attribute Based Access Control (ABAC) Definition and Considerations. The new draft proposes some notional implementation suggestions for consideration from the perspectives of fundamental security properties. It is intended to be a guide for federal agencies to attribute considerations with Attribute Evaluation Scheme examples for access control.

Attributes enable a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environmental conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document outlines factors which influence attributes that an authoritative body must address when standardizing an attribute system and proposes some notional implementation suggestions for consideration.

Comments Due: April 1, 2019. Email Comments to: sp800-205-comments@nist.gov

Authors: Vincent Hu (NIST), David Ferraiolo (NIST), Richard Kuhn (NIST)

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer