Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Attribute Based Access Control (ABAC) Definition and Considerations



Chung Tong Hu


Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. Over the past decade, vendors have begun implementing Attribute Based Access Control (ABAC)-like features in their security management and network operating system products, without general agreement as to what constitutes an appropriate set of ABAC features. Due to a lack of consensus on ABAC features, users cannot accurately assess the benefits and challenges associated with ABAC. To date there has not been a comprehensive effort to formally define or guide the implementation of ABAC within the federal government. NIST Special Publication (SP) 800-162 (Draft), Guide to Attribute Based Access Control (ABAC) Definition and Considerations, serves a two-fold purpose. First, it aims to provide Federal agencies with a definition of ABAC and a description of the functional components of ABAC. Second, it provides planning, design, implementation, and operational considerations for employing ABAC within a large enterprise with the goal of improving information sharing while maintaining control of that information.
ITL Bulletin -


Access Control, Authorization, Policy, Attribute Based Access Control, Privilege


, C. (2014), Attribute Based Access Control (ABAC) Definition and Considerations, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 15, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created March 7, 2014, Updated February 19, 2017