To solve the interoperability and policy enforcement problems of today’s access control approaches, NIST has developed a specification and open source reference implementation, of an authorization system, referred to as the Policy Machine (PM). The PM has evolved from a concept to a formal specification, to a reference implementation and open source distribution. The PM is designed in support of, and in alignment with a NIST led American National Standards Institute/International Committee for Information Technology Standards (ANSI/INCITS) standard under the title of Next Generation Access Control (NGAC). The PM/NGAC is a fundamental reworking of traditional access control into a form suited to the needs of the modern, distributed, interconnected enterprise. The PM/NGAC is being used as the basis for a growing number of commercial and academic product offerings and as the foundation for several dissertations.
For more information visit our CSRC website at: https://csrc.nist.gov/Projects/Policy-Machine