The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has started to seek public comments on a draft guide for the implementation of an attribute-based access control system.
ABAC systems work to help corporate and public organizations manage an individual’s access rights to data networks and related systems based on the user’s certification, title, training and other attributes, NIST said Wednesday.
“We wanted to demonstrate to organizations how some of ABAC’s fundamental capabilities can address their cybersecurity challenges,” said Bill Fisher, a security engineer at NCCoE and ABAC project lead.
The draft guidance discusses potential advantages and security risks associated with the adoption of an ABAC platform and how institutions can decide on various users’ access rights to information networks through commercially available systems.
NIST’s NCCoE will accept feedback on the draft guide through Dec. 4.