Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).

View the beta site
NIST logo

Publication Citation: Attribute Based Access Control (ABAC) Definition and Considerations

NIST Authors in Bold

Author(s): Chung Tong Hu;
Title: Attribute Based Access Control (ABAC) Definition and Considerations
Published: March 07, 2014
Abstract: Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. Over the past decade, vendors have begun implementing Attribute Based Access Control (ABAC)-like features in their security management and network operating system products, without general agreement as to what constitutes an appropriate set of ABAC features. Due to a lack of consensus on ABAC features, users cannot accurately assess the benefits and challenges associated with ABAC. To date there has not been a comprehensive effort to formally define or guide the implementation of ABAC within the federal government. NIST Special Publication (SP) 800-162 (Draft), Guide to Attribute Based Access Control (ABAC) Definition and Considerations, serves a two-fold purpose. First, it aims to provide Federal agencies with a definition of ABAC and a description of the functional components of ABAC. Second, it provides planning, design, implementation, and operational considerations for employing ABAC within a large enterprise with the goal of improving information sharing while maintaining control of that information.
Citation: ITLB -
Pages: 4 pp.
Keywords: Access Control, Authorization, Policy, Attribute Based Access Control, Privilege
Research Areas: Cybersecurity
PDF version: PDF Document Click here to retrieve PDF version of paper (389KB)