Assessment of Access Control Systems

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn

Abstract

Access control is perhaps the most basic aspect of computer security. Nearly all applications that deal with financial, privacy, safety, or defense include some form of access control. In many systems access control takes the form of a simple password mechanism, but many require more sophisticated and complex control. In addition to the authentication mechanism (such as a password), access control is concerned with how authorizations are structured. In some cases, authorization may mirror the structure of the organization, while in others it may be based on the sensitivity level of various documents and the security level of the user accessing those documents. This publication explains some of the most commonly used access control services available in information technology systems, their structure, where they are likely to be used, and advantages and disadvantages of each.
Citation
NIST Interagency/Internal Report (NISTIR) - 7316
Report Number
7316

Keywords

access control, authentication, authorization, Discretionary Access Control, Non-Discretionary Access Control, RBAC, Role-Based Access Control, Rule-Based Access Control, security metrics, XML-Based Access Control

Citation

Hu, C., Ferraiolo, D. and Kuhn, D. (2006), Assessment of Access Control Systems, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.7316 (Accessed March 28, 2024)
Created September 29, 2006, Updated November 10, 2018