Published: February 25, 2019
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases, environment conditions against policy, rules, or relationships that describe the allowable operations for a given set of attributes. This document also provides considerations for using ABAC to improve information sharing within organizations and between organizations while maintaining control of that information. [Supersedes SP 800-162 (January 2014): https://www.nist.gov/publications/guide-attribute- based-access-control-abac-definition-and-considerations]
Citation: Special Publication (NIST SP) - 800-162Report Number:
NIST Pub Series: Special Publication (NIST SP)
Pub Type: NIST Pubs
access control, access control mechanism, access control model, access control policy, attribute based access control (ABAC), authorization, privilege.
Created February 25, 2019, Updated February 25, 2019