Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Proceedings of the Privilege Management Workshop, September 1-3, 2009



Tanya L. Brewer, Annie W. Sokol, Sheldon A. Durrant


Privilege management is large and complex, often the source of heated debate and opinion, and fraught with widely-understood, yet ill-defined terminology and concepts. The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) sponsored the first Privilege Management Workshop at NIST's main campus in Gaithersburg, Maryland, September 1-3, 2009. The workshop was attended by approximately 120 people representing Executive branch Federal agencies, the private sector, and academia. The primary goal of this first workshop was to bring together a wide spectrum of individuals representing differing viewpoints, use cases, and organizational needs with the intent to reach a common understanding of several facets of this important area. This includes reaching consensus on the definition of privilege management and other terminology; understanding and analyzing the strengths and weaknesses of current and proposed access control models; ascertaining the current state of the practice and future research directions in privilege management; and understanding and articulating the managerial, legal, and policy requirements associated with privilege management.
NIST Interagency/Internal Report (NISTIR) - 7665
Report Number


access control, eXtensible Access Control Markup Language, healthcare IT, Health Insurance Portability and Accountability Act, HIPAA, privilege management, RAdAC, Risk-Adaptable Access Control, XACML


Brewer, T. , Sokol, A. and Durrant, S. (2010), Proceedings of the Privilege Management Workshop, September 1-3, 2009, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 18, 2024)
Created January 1, 2010, Updated November 10, 2018