Planning Report 02-1: The Economic Impact of Role-Based Access Control
Michael P. Gallaher, Alan C. O'Connor, Brian Kropp, Gregory C. Tassey
The National Institute of Standards and Technology (NIST) began working on RBAC in the early 1990s after a study of federal agency security needs identified the need to develop a better method for managing large networked systems and complex access issues (Ferraiolo, Gilbert, and Lynch, 1992). Over the past decade, NIST's RBAC project has made significant contributions to the development and adoption of RBAC through publishing in the professional literature, sponsoring conferences and outreach projects, and supplying infrastructure tools to industry. The objectives of this study was to conduct a microeconomics impact assessment of the (1) benefits of RBAC relative to alternative access control systems, and (2) economic return from the NIST/Information Technology Laboratory (ITL) RBAC project's contributions to the development and adoption of RBAC. Based on interviews with software developers and companies using RBAC-enabled products, we projected that the net present value of RBAC through 2006 will be approximately $671 million. NIST's contributions were estimated to account for 44 percent of the benefits of RBAC, leading to a social rate of return to the NIST/RBAC project of approximately 62 percent.
, O'Connor, A.
, Kropp, B.
and Tassey, G.
Planning Report 02-1: The Economic Impact of Role-Based Access Control, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916549
(Accessed June 8, 2023)