Washington, DC - What's the guide about? Most businesses today use Role-Based Access Control (RBAC) to assign access to the network and systems based on job title or defined role. But if an employee changes roles or leaves the company, an administrator must manually change access rights accordingly—perhaps within several systems. As organizations expand and contract, partner with external entities, and modernize systems, this method of managing user access becomes increasingly difficult and inefficient.

Attribute based access control (ABAC) offers more dynamic capabilities for greater efficiency, flexibility, scalability, and security than traditional access control methods, without burdening administrators or users.

The National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), has developed an example of an advanced access control system. Our ABAC reference design can manage access to networked resources more securely and efficiently, and with greater granularity than traditional access management. It enables the appropriate permissions and limitations for the same information system for each user based on individual attributes, and allows for permissions to multiple systems to be managed by a single platform, without a heavy administrative burden.

Our approach uses commercially available products that can be included alongside current products in an existing infrastructure.

The full draft practice guide is also available for download in PDF or web viewing.