Privilege management is large and complex, often the source of heated debate and opinion, and fraught with widely-understood, yet ill-defined terminology and concepts. The National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) sponsored the first Privilege Management Workshop at NIST's main campus in Gaithersburg, Maryland, September 1-3, 2009. The workshop was attended by approximately 120 people representing Executive branch Federal agencies, the private sector, and academia. The primary goal of this first workshop was to bring together a wide spectrum of individuals representing differing viewpoints, use cases, and organizational needs with the intent to reach a common understanding of several facets of this important area. This includes reaching consensus on the definition of privilege management and other terminology; understanding and analyzing the strengths and weaknesses of current and proposed access control models; ascertaining the current state of the practice and future research directions in privilege management; and understanding and articulating the managerial, legal, and policy requirements associated with privilege management.
Citation: NIST Interagency/Internal Report (NISTIR) - 7665
NIST Pub Series: NIST Interagency/Internal Report (NISTIR)
Pub Type: NIST PubsReport Number:
access control, eXtensible Access Control Markup Language, healthcare IT, Health Insurance Portability and Accountability Act, HIPAA, privilege management, RAdAC, Risk-Adaptable Access Control, XACML