Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Attribute Considerations for Access Control Systems: Draft NIST SP 800-205 Available for Comment

Draft NIST Special Publication 800-205, "Attribute Considerations for Access Control Systems," is available for public comment. Please submit comments by April 1, 2019. 

Attribute-based access control systems rely upon enterprise-specific attributes to both define access control policy rules and enforce the access control. Confidence in access control decisions is dependent on the accuracy, integrity, and timely availability of attributes. Attributes must therefore be established, defined, and constrained by allowable values required by the relevant digital policies, and those shared across organizations should provide assurance.

NIST invites comments on Draft Special Publication (SP) 800-205, Attribute Considerations for Access Control Systemswhich describes the attribute-influencing factors that an access control system must address when engineering and evaluating attributes. The document proposes some notional implementation suggestions for consideration from the perspectives of fundamental security properties: preparation, veracity, security, readiness, and management applied to access control systems. A general attribute framework with examples is demonstrated to show the importance and efficiency of the semantic and syntactic accuracies of attributes in federated access control environments, especially when natural language policies (NLP) are the initial policies. The discussed considerations are summarized to illustrate Attribute Evaluation Scheme examples, which are applied to different access control system requirements.

A public comment period for this document is open until April 1, 2019.

 

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Released February 13, 2019, Updated February 14, 2019