Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Policy Machine and Next Generation Access Control

To solve the interoperability and policy enforcement problems of today’s access control approaches, NIST has developed a specification and open source reference implementation, of an authorization system, referred to as the Policy Machine (PM). The PM has evolved from a concept to a formal specification, to a reference implementation and open source distribution. The PM is designed in support of, and in alignment with a NIST led American National Standards Institute/International Committee for Information Technology Standards (ANSI/INCITS) standard under the title of Next Generation Access Control (NGAC). The PM/NGAC is a fundamental reworking of traditional access control into a form suited to the needs of the modern, distributed, interconnected enterprise. The PM/NGAC is being used as the basis for a growing number of commercial and academic product offerings and as the foundation for several dissertations.

For more information visit our CSRC website at:

Created February 7, 2020, Updated April 5, 2022