, C.
, Iorga, M.
, Bao, W.
, Li, A.
, Li, Q.
and Gouglidis, A.
(2020),
General Access Control Guidance for Cloud Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-210
(Accessed October 9, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
General Access Control Guidance for Cloud Systems
Published
Author(s)
, , Wei Bao, Ang Li, Qinghua Li, Antonios Gouglidis
Abstract
This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service delivery models require managing different types of access on offered service components. Such service models can be considered hierarchical, thus the access control guidance of functional components in a lower-level service model are also applicable to the same functional components in a higher-level service model. In general, access control guidance for IaaS is also applicable to PaaS and SaaS, and access control guidance for IaaS and PaaS is also applicable to SaaS. However, each service model has its own focus with regard to access control requirements for its service.Citation
Special Publication (NIST SP) - 800-210
Report Number
800-210
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
access control, access control mechanism, Cloud, cloud systems, policy, authorization ABAC, RBAC
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created July 30, 2020, Updated August 10, 2020