U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Planning Report 02-1: The Economic Impact of Role-Based Access Control

Published

Author(s)

Michael P. Gallaher, Alan C. O'Connor, Brian Kropp, Gregory C. Tassey

Abstract

The National Institute of Standards and Technology (NIST) began working on RBAC in the early 1990s after a study of federal agency security needs identified the need to develop a better method for managing large networked systems and complex access issues (Ferraiolo, Gilbert, and Lynch, 1992). Over the past decade, NIST's RBAC project has made significant contributions to the development and adoption of RBAC through publishing in the professional literature, sponsoring conferences and outreach projects, and supplying infrastructure tools to industry. The objectives of this study was to conduct a microeconomics impact assessment of the (1) benefits of RBAC relative to alternative access control systems, and (2) economic return from the NIST/Information Technology Laboratory (ITL) RBAC project's contributions to the development and adoption of RBAC. Based on interviews with software developers and companies using RBAC-enabled products, we projected that the net present value of RBAC through 2006 will be approximately $671 million. NIST's contributions were estimated to account for 44 percent of the benefits of RBAC, leading to a social rate of return to the NIST/RBAC project of approximately 62 percent.
Citation
OTHER - 02-1
Report Number
02-1
NIST Pub Series
Other
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

economic impact assessment, RBAC, Role-Based Access Control
Cybersecurity

Citation

Gallaher, M. , O'Connor, A. , Kropp, B. and Tassey, G. (2002), Planning Report 02-1: The Economic Impact of Role-Based Access Control, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916549 (Accessed July 7, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created February 28, 2002, Updated October 12, 2021
Was this page helpful?