Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology / Cybersecurity

Identity & Access Management

Search Publications

Search Title, Abstract, Conference, Citation, Keyword or Author

Title

Author

NIST Pub Series

Report Number

Published Date

Min

Max

Displaying 101 - 113 of 113

Guide to Application Whitelisting

October 28, 2015

Author(s)

Adam Sedgewick, Murugiah Souppaya, Karen Scarfone

An application whitelist is a list of applications and application components that are authorized for use in an organization. Application whitelisting technologies use whitelists to control which applications are permitted to execute on a host. This helps

Policy Machine: Features, Architecture, and Specification

October 27, 2015

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a

Security of Interactive and Automated Access Management Using Secure Shell (SSH)

October 15, 2015

Author(s)

Tatu Ylonen, Paul Turner, Karen Scarfone, Murugiah Souppaya

Users and hosts must be able to access other hosts in an interactive or automated fashion, often with very high privileges, for a variety of reasons, including file transfers, disaster recovery, privileged access management, software and patch management

Implementing and Managing Policy Rules in Attribute Based Access Control

August 13, 2015

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei

Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of

Improved Security and Mobility Through Updated Interfaces for PIV Cards

July 21, 2015

Author(s)

Hildegard Ferraiolo, Larry Feldman, Gregory A. Witte

This bulletin summarizes the information presented in NIST SP 800-73-4: Interfaces for Personal Identity Verification and NIST SP 800-78-4: Cryptographic Algorithms and Key Sizes for Personal Identity Verification. SP 800-73-4 has been updated to align

Interfaces for Personal Identity Verification

May 29, 2015

Author(s)

David Cooper, Hildegard Ferraiolo, Ketan L. Mehta, Salvatore Francomacaro, Ramaswamy Chandramouli, Jason Mohler

[Superseded by SP 800-73-4 (May 2015, w/updates as of 2/8/2016): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=920323] FIPS 201 defines the requirements and characteristics of a government-wide interoperable identity credential. FIPS 201

An Access Control Scheme for Big Data Processing

November 11, 2014

Author(s)

Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn

Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of